Preface

Previous page
Table of content
Next page

THERE'S AN OLD JOKE THAT COMPUTERS ARE ACTUALLY EASY MACHINES TO SECURE: just turn them off, lock them in a metal-lined room, and throw away the key. What you end up with is a machine that is very secure, just not very usable.

Of course, people need to use computers, not just think about them. So while this secure computer is safe in its metal can, people who need to get their jobs done will use other computers with significantly weaker security properties. They may have their passwords recorded by keystroke loggers and sent to bad guys in Russia. They may go to web banking sites that happen to be run by illegal cartels in South America. They may use portable laptops that are targeted and stolen at trade shows. And when they are done, they may format their hard drives and throw them awayunaware that their computer's "format" command doesn't delete any data at all.

Many people believe that there is an inherent tradeoff between security and usability. A computer without passwords is usable, but not very secure. On the other hand, a computer that makes you authenticate every five minutes with your password and a fresh drop of blood might be very secure, but nobody would want to use it.

But as the world around us makes clear every day, if people are unable to use secure computers, they will use computers that are not secure. At the end of the day, computers that are theoretically secure but not usable do little to improve the security of their users, because these machines push their users away to less secure platforms.

As it turns out, the converse is also true: systems that are usable but not secure are, in the end, not very usable either. That's because these systems don't last: they get hacked, compromised, and otherwise rendered useless. In November 2002, the Honeynet Project documented that unpatched Windows 2000 computers placed on the Internet were being compromised after just five minutes.[1] And this is not a problem that is confined to Microsoft operating systems: systems running Linux and other operating systems are also compromised with alarming frequencyjust not quite so fast, because there are fewer worms running loose on the Internet that can infect these systems.

[1] The Honeynet Project, "Forensics" (Jan. 29, 2003); http://honeynet.overt.org/index.php/Forensics.


Previous page
Table of content
Next page
Security and Usability. Designing Secure Systems that People Can Use
Security and Usability: Designing Secure Systems That People Can Use
ISBN: 0596008279
EAN: 2147483647
Year: 2004
Pages: 295
Authors: Lorrie Faith Cranor, Simson Garfinkel
BUY ON AMAZON
Qshell for iSeries
Managing Enterprise Systems with the Windows Script Host
Microsoft Windows Server 2003(c) TCP/IP Protocols and Services (c) Technical Reference
Java How to Program (6th Edition) (How to Program (Deitel))
Persuasive Technology: Using Computers to Change What We Think and Do (Interactive Technologies)
Comparing, Designing, and Deploying VPNs
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy