[cap-talk] Polaris: Virus Safe Computing for Windows XP

David Hopwood david.nospam.hopwood at blueyonder.co.uk
Tue Dec 7 13:41:09 EST 2004

Ian Grigg wrote:
>>P.S. A silly aphorism that somehow seems apropros: You can't be a
>>little bit pregnant; and you can't be a little bit insecure (at least,
>>not for long).
> This bit I don't agree with.  You can't be completely
> secure, and therefore being a little bit insecure is
> no bad thing, and better than the next alternative,
> which would be being a lot insecure.
> Security is about costs, risks, and expending the dollar
> of security investment where it earns the biggest defence
> bucks.  In that sense, if Polaris does close of a big,
> current and validated hole, and it comes at a good cheap
> price, then it is good security.  Obviously, the definitions
> of "close", "cheap" and "good" are relatives here, and the
> hard answer needs the market to decide whether the right
> balance has been discovered;  hence the competing aphorism
> that was recently coined of:
>   "Amateurs study cryptography; professionals study economics."

Hmm. Every time someone raises the "security is economics" argument
here, it seems to be to support a position that I strongly disagree
with on *technical* grounds. Perhaps this is just because I'm estimating
the costs of attack differently, but it also makes me suspicious of
the argument.

David Hopwood <david.nospam.hopwood at blueyonder.co.uk>

More information about the cap-talk mailing list