Cancel or Allow?
November 03, 2011 | POSTED BY DOMINIC SCHULTE IN UNCATEGORIZED
I have been enjoying a commercial that has been running for a few weeks that plays on the security aspects of two different computers:
Mac: "Hello, I'm a Mac."
PC Security Agent: "Mac has issued a salutation, cancel or allow?"
PC: "Allow, and I'm a PC."
PC Security Agent: "You're returning a salutation, cancel or allow?"
Mac: "Okay, what gives?"
PC Security Agent: "Mac is asking a question, cancel or allow?"
This parody touches on two subjects that are at the heart of information security. The first is that proper security implementation is a balancing act of costs and benefits. Everything comes at a price and security is no exception.
In order to protect our valuable information, we often have to be willing to expend valuable resources like time, money, and patience. This commercial is fueled by the very real frustration many of us feel when our time and patience are taxed by security overhead while we are trying to do something as simple as surfing the Internet.
As I said, security comes at a price and unfortunately, that price is not just the cost of a new Mac. The conversation between the "PC" and his "Security Agent" is meant to mimic a user interacting with the new Vista User Account Control (UAC). It's a conversation that is all too familiar to many of us who are accustomed to using a personal (or host-based) firewall.
This brings us to the second and less visible element of information security at play in this commercial; the idea of enumerating the good. From the advent of firewalls, the paradigm of security has long been to identify all the things we don't want in or out of our computers and networks (the bad) such as viruses and worms and block as much of it as possible. Everything that is not explicitly blocked is allowed to pass. The problem with this mindset is that the bad typically outnumbers the good and also tends to be more dynamic. Using a firewall in this manner often requires the firewall rules to be updated every time a new threat is identified.
The approach of blocking the bad is not ideal because we as end-users are typically not capable of or interested in continuously maintaining our firewall rule sets. Instead, if we could identify the things we know are good and only let them pass, blocking everything else, then we should have a firewall that requires little long-term attention (fewer pop-ups) and does a better job of protecting our information. That is the basis of enumerating the good. It is the process many of us have gone through when we are faced with a barrage of pop-ups after installing a PC personal firewall. It is similar to the confirmation required to perform certain actions in both VISTA and in Macs, contrary to what the commercial is implying. Enumerating the good is one way to decrease the long-term costs of security and balance it with the benefits.
While I hope this helps explain some of the theory behind the security you use, it doesn't change the (sad) reality that the foreseeable future holds more of these "conversations" with your computers.
PC: "I could turn him off but then he wouldn't give me any warnings, and that would defeat the purpose."
PC Security Agent: "You are coming to a sad realization, cancel or allow?"