Wednesday, 2. June 2010
From this article in eWeek:
“There is such a thing as security through obscurity,” Hilwa added, “and it can be quite effective in certain settings. If I wanted to have the least attractive stack for virus and malware attacks, I would use the most obscure stack I can find, potentially including custom-developed components.”
Al Hilwa’s IDC profile sadly seems to lack any security experience. His LinkedIn résumé also doesn’t show an ounce of security background.
I guess we must excuse Mr Hilwa for making such an obviously flawed and universally stupid statement. But, to be thorough, let’s rip it apart piece by piece:
1. “There is such a thing as security through obscurity,”
I guess I can’t argue with that… there is. It is horrible and almost worthless security, but it’s security. An example of security through obscurity would be having the company phone directory unpublished. It provides a minimal level of security, but anyone who wants to determine the CEO’s direct line can do so with a little rigor and some social skills. If there is something to gain by hacking a target, there will be hackers attempting to break it.
2. “and it can be quite effective in certain settings.”
Please, Mr. Hilwa, make a list of those quite effective settings with regard to computing… It will be a rather short list.
3. “If I wanted to have the least attractive stack for virus and malware attacks, I would use the most obscure stack I can find, potentially including custom-developed components”
Anyone who has ever worked with a Microsoft product knows they already have some of the least “attractive” stacks and customizations to work with. Yet they are a prime target for security vulnerabilities, hacks, and intrusions. Why? Because there is much to be gained by hacking a Microsoft system. Banks, governments, private businesses, all the way down to your local churches most likely have some version of MS running somewhere. The effort-versus-reward ratio is quite nice in the Windows world, as one vulnerability can be applied to many lucrative systems.
People will attempt to counter with the concept that “Apple has a big market share, why are they not affected as much?” Apple is not hosting a large chunk of the world’s information. Criminal hacking groups don’t want to target Jimbo Jones with his slick hair and iPhone. He is small change compared to an SSN database in Virginia.
Mr. Hilwa, you have terrific experience in the computer world. I would just ask that you get a little more education on the security side before making such statements.