[cap-talk] Polaris: Virus Safe Computing for Windows XP
iang at systemics.com
Tue Dec 7 06:41:46 EST 2004
> P.S. A silly aphorism that somehow seems apropros: You can't be a
> little bit pregnant; and you can't be a little bit insecure (at least,
> not for long).
This bit I don't agree with. You can't be completely
secure, and therefore being a little bit insecure is
no bad thing, and better than the next alternative,
which would be being a lot insecure.
Security is about costs, risks, and expending the dollar
of security investment where it earns the biggest defence
bucks. In that sense, if Polaris does close of a big,
current and validated hole, and it comes at a good cheap
price, then it is good security. Obviously, the definitions
of "close", "cheap" and "good" are relatives here, and the
hard answer needs the market to decide whether the right
balance has been discovered; hence the competing aphorism
that was recently coined of:
"Amateurs study cryptography; professionals study economics."
Which is to say that this dance between relative security
and absolute security will always befuddle us; until we
stop using the notion of absolute security, we'll always
be searching for some sort of holy grail, and in the
meantime missing out on useful and efficient solutions.
PS: I don't fully subscribe to the above aphorism, but,
hey, it makes its point. There was more debate on this
over at http://www.financialcryptography.com/mt/archives/000260.html
More information about the cap-talk