Pensieri di un lunatico minore

12 January 2007 Security

The model of security

Marcus Ranum attacks the default permit model that many things take in the security world.

For a number of years – about twenty – I’ve been saying that “default permit” security is stupid. Basically, you’re adopting the approach that “everything is allowed” and then trying to identify the things that are known to be dangerous, in order to block them. We’ve seen this approach used in virtually every area of computer security, and it has been a failure every time. Before firewalls became popular, a lot of organizations used router filters at the edges of their networks to block “bad” applications like rsh – but eventually that approach gave way to firewalls with a “default deny” policy: there were too many “bad” applications to enumerate. Intrusion “prevention” systems take the “default permit” approach, as well. The final bell hasn’t rung for them (yet) but if we look a little bit into the future it doesn’t take a rocket scientist to see what the end-game looks like. It looks like antivirus. Antivirus is the absolute pinnacle of “default permit” in action and it’s been sliding down a slippery slope of disaster since the 1980s.

He’s spot on in this way—as he often is—and I wonder how much longer we can continue this arms race in antivirus (anti-virus). There simply is no way that we can win that war, and so it seems silly to continue on in that path forever. It has to end.

Marcus digs into the issues of execution control, which is a start, but I think that at the end of the day, it’s going to take something more elegant and user-friendly. I have some ideas; I just need to put them down on paper, or pixels.
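As an added illustration, not code from the post or from Ranum, here is a small Python policy evaluator contrasting the two models he describes: a default-permit blocklist that names known-bad services such as rsh, and a default-deny allowlist, plus execution control done as a hash allowlist. The service lists, ports, traffic sample and sample binary are all constructed assumptions.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    """One connection attempt, reduced to protocol and destination port."""
    proto: str
    port: int


# Default permit ("enumerate badness"): constructed blocklist of known-bad services,
# in the spirit of the old edge router filters: rsh (514), rlogin (513), telnet (23).
BLOCKLIST = {("tcp", 514), ("tcp", 513), ("tcp", 23)}
# Default deny ("enumerate goodness"): constructed allowlist of services actually needed.
ALLOWLIST = {("tcp", 22), ("tcp", 443)}


def default_permit(c: Conn) -> bool:
    """Everything passes unless it matches a known-bad entry."""
    return (c.proto, c.port) not in BLOCKLIST


def default_deny(c: Conn) -> bool:
    """Nothing passes unless it matches a known-good entry."""
    return (c.proto, c.port) in ALLOWLIST


def permit_only_gap(conns):
    """Connections default permit lets through but default deny would stop:
    the open-ended set that a blocklist can never finish enumerating."""
    return {c for c in conns if default_permit(c) and not default_deny(c)}


# Execution control as default deny: a binary runs only if its content hash is trusted.
GOOD_BINARY = b"#!/bin/sh\necho hello\n"  # constructed sample binary
TRUSTED_HASHES = {hashlib.sha256(GOOD_BINARY).hexdigest()}


def exec_allowed(contents: bytes) -> bool:
    """Allowlist by SHA-256; an unknown or modified binary is refused by default."""
    return hashlib.sha256(contents).hexdigest() in TRUSTED_HASHES


# Constructed traffic sample: two needed services, one blocklisted service, and a
# novel service on port 31337 that no blocklist author has catalogued yet.
SAMPLE_CONNS = [Conn("tcp", 22), Conn("tcp", 443), Conn("tcp", 514), Conn("tcp", 31337)]

if __name__ == "__main__":
    for c in SAMPLE_CONNS:
        print(c, "permit-model:", default_permit(c), "deny-model:", default_deny(c))
    print("gap left open by default permit:", permit_only_gap(SAMPLE_CONNS))
```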

This entry was posted at 12:26 pm on 12 January 2007 and is filed under Security.