Security and Trust
Computer security, like all other forms of security, depends on trust. When I lock the front door of my house I trust that the lock is correctly designed so that it can only be opened by someone with the correct key. I trust the builder who installed the lock into the front door when the house was built. I trust that no one else in my family has given a copy of the front door key to one of their friends without me knowing. If my house has an alarm, I trust the company that installed it, and I trust the company that monitors it.
Computer security is like house security, except it is much, much more complex and it is much, much more fragile.
Who Can You Trust?
Short answer: you can't trust anyone. Not even yourself. Also you can't trust any thing.
Long answer: here is a list of people, organisations and things that you cannot absolutely trust:
- Your wife, or husband
- Your parents
- Your children
- Other close relatives
- Your friends
- The person knocking on your front door
- The police
- Your car
- Your car's mechanic
- The company that built your car
- And so on, and so on.
A longer list of people and things that you can't trust, which is more relevant to computer security:
- Any software you install on your computer
- The author or authors of any software that you install on your computer
- The website that you downloaded software from to install on your computer
- The company that manufactured your computer
- The shop you bought your computer from
- The salesman in the shop who sold you the computer
- If you built your computer yourself, the companies that manufactured the components that you built the computer from
- The operating system installed on your computer
- The company, organisation or individuals who wrote the operating system installed on your computer
- Your default web browser
- Your default web search engine
- Any result returned by your default web search engine
- Any "extensions" or "plugins" installed in your default web browser
- Anyone in your family or household who has access to your computer
- If wifi is involved, your neighbours
- Any website you visit
- The owners of any website you visit
- Anyone who sends you an email
- Any email you receive (which may or may not be from an actual person)
- Your email client software
- The government
- The police
- Any CD or DVD you insert into your computer
- The publisher of any CD or DVD that you insert into your computer
- The author of an article in a magazine supposedly telling you something useful or important about computer security
- The author of this article
- Computer security software, or any software purporting to be "computer security software"
- Any company, organisation or individual that writes computer security software
- And so on, and so on.
Failures of Trust
There are different ways in which people or things can be untrustworthy, but these fall into two main categories:
- Malicious failure of trust
- Careless or incompetent failure of trust
For example, do you trust your 16-year old son to be in charge of the house for a few days when the rest of the family goes away on a holiday? Probably your son would not try to rob you (which would be malice) – but it is possible, for example he may be a crystal meth addict, and perhaps you don't even know that yet. However, it is more likely you would be worried that he would have a party and invite all his friends over (which would be carelessness).
Malice and carelessness do overlap somewhat, as a very common form of carelessness is when you trust someone who then decides to trust some other person, where that other person is malicious. For example, your son has a party at your house, and one of the invitees is a friend of someone else who is a professional burglar.
Also some of the people we have to trust are more likely to be malicious, and others are more likely to be careless or incompetent. If the brakes on my car need fixing, it's more likely that my mechanic will cheat me in some way as compared to my cousin who fixes cars for a hobby and who is willing to try and fix my car for free. But it's more likely that the mechanic will know what he's doing.
You Can't Go Through Life Not Trusting Anyone or Anything
Even though we know that theoretically no one and nothing is trustworthy, to actually get through each day and get things done, we do put our trust in some things.
It's just like that with computers. There's a whole lot of things that you can't actually trust in relation to computers, but in order to actually use a computer for something useful or entertaining, you have to trust something.
Things We Do and Things We Assume to Improve Trust
In "real life", i.e. anything not to do with computers, we use certain methods to deal with trust issues. For example:
- We limit how much we trust other people.
- We get things checked. For example, no one trusts their car forever, but a regular mechanical check can catch problems as they arise.
- We assume a certain degree of permanence. For example, if I changed my front door lock last week and it still opens with the same new key today, I assume that the lock in the front door now is the one that I installed. But it is possible that some highly skilled individual has secretly replaced my front door lock with one that opens with my key and with some other key. Possible, but unlikely.
- We use social proof. If our friends trust someone, that we don't know, then we will be more likely to trust that person ourselves. If everyone in the country seems to trust some person or organisation, then probably we will too.
- We judge by appearances. If someone has made the effort to look good, we assume they are less likely to risk losing that investment of effort by betraying our trust.
- We rely on physical constraints. For example, if my house doors are all undamaged, and locked, and I haven't heard or seen any trace of any strange person in my house, I will assume that there is no strange person in my house. Furthermore, I would consider it extremely unlikely that a person could hide unnoticed in my house for months on end.
Unfortunately, computers aren't quite like anything else. Which means that computer security isn't quite like other forms of security, and the above techniques may not be reliable in helping us to determine what we can or cannot trust. Or we may have to use carefully designed analogues of those techniques.
Computer Analogues
Computer analogues of the above items may fail for the following reasons:
- Historically, operating system security solved the problem of other users attacking your files on a multi-user system. This completely failed to deal with the modern problem of installed software attacking your computer.
- Most computer users don't do anything to get their computer checked over time, other than trusting in pre-installed security software. Also, once something nasty gets into your installed software, it can be almost impossible to fix, because the nasty thing potentially undermines the integrity of all the other software on the computer which might be designed to ensure security. (This is part of what causes the fragility of computer security, i.e. once you've lost security, you can't get it back.)
- What we see on a computer (i.e. on the screen) is a tiny, tiny portion of all the information stored on the average home computer. It follows that whatever looks the same may actually be significantly different. What used to be word processing software is now software which does word processing and it reads all entered passwords and sends them to criminals living in some other country. But it still looks exactly the same when you use it to type stuff.
- Social proof can be helpful, but it has to be some group of people with an active interest in security issues, and a willingness to talk about them. I.e. probably not Facebook, but maybe relevant sub-Reddits such as programming and technology.
- Appearances are so easy to fake on a computer, and there's a whole science of how to fake a website linked to by a link in a fake email sent to you from an email server running on someone else's computer which got hacked by a virus because they downloaded a maliciously altered copy of a file-downloading client from the wrong website.
- Physical constraints tend not to apply to computers. Your hard disk may have 8,000,000,000,000 bits of information stored on it, which is plenty of space for something nasty to store itself. And when constraints could apply, they often don't, just to avoid some inconvenience. Like you used to have to physically move a jumper on your motherboard before you could re-flash the BIOS. Now you can do it all in software, which avoids the need to do anything scary like unscrew the case and touch the electronics with your hands.
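The "get things checked" and "permanence" methods above do have a computer analogue: record a cryptographic hash of each installed file at install time, then recompute and compare later. The following Python is an added illustration, not code from the original article; the file names and contents are constructed, and the tampered copy keeps the same name, size and leading bytes so that it "looks exactly the same".

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    """Hex digest of SHA-256 over the given bytes."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict[str, bytes]) -> dict[str, str]:
    """Record a known-good digest for every file, e.g. at install time."""
    return {name: sha256_hex(content) for name, content in files.items()}


def compare_by_appearance(a: bytes, b: bytes) -> dict:
    """Superficial checks that a person (or a naive tool) might rely on."""
    return {
        "same_size": len(a) == len(b),
        "same_header": a[:16] == b[:16],
    }


def verify(files: dict[str, bytes], manifest: dict[str, str]) -> list[str]:
    """Return names of files whose current digest differs from the manifest."""
    changed = []
    for name, expected in manifest.items():
        current = files.get(name)
        if current is None or sha256_hex(current) != expected:
            changed.append(name)
    return changed


# Constructed sample: a pretend word-processor install, as recorded on day one.
ORIGINAL = {
    "wordproc.bin": b"WPEXE\x00\x01" + b"\x90" * 1000 + b"save_document()",
    "spell.dll": b"DLL\x00\x02" + b"\x00" * 500,
}
MANIFEST = build_manifest(ORIGINAL)

# The same install some weeks later: only 12 bytes in the middle of one file differ.
tampered_body = bytearray(ORIGINAL["wordproc.bin"])
tampered_body[500:512] = b"TAMPERED_012"  # constructed change, length preserved
LATER = dict(ORIGINAL)
LATER["wordproc.bin"] = bytes(tampered_body)


def demo():
    """Appearance says nothing changed; the manifest says one file did."""
    looks = compare_by_appearance(ORIGINAL["wordproc.bin"], LATER["wordproc.bin"])
    return looks, verify(LATER, MANIFEST)
```

The check is only as good as the place the manifest is kept: if the modified software can also rewrite the manifest (or the tool that reads it), the comparison proves nothing, which is the fragility point made above.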
Computers Aren't Quite Like Anything Else
To fully understand the complexities of computer security, you have to fully understand what it is about computers that makes them different to any other technology that you might know about.
And to do that you have to go to university and learn about computer science. Or, you could go on the internet and study computer science (but to do that you need to know how to use a computer, which includes knowing about computer security, which puts you in an impossible catch-22 situation of having to know in advance about the thing you are trying to learn about).
At a minimum, to have some understanding of what a "computer" actually is, you have to know how to write a computer program in a general purpose programming language. And ideally, you should understand how to write a program for one kind of computer which makes it act like some other kind of computer.
If you haven't got the time to do all that, then I will try to summarise it here:
A computer is an information processing machine which can be programmed to be any other kind of information processing machine. The technical name for this type of completely general information processing machine is the universal machine, a concept which was originally discovered by Alan Turing in 1936-1937.
So a computer is a special kind of machine that can be any other kind of machine.
In practice the user sees a computer as something that has "applications" installed on it. The individual applications are specific "machines" that solve specific problems, running as programs on the computer which is the "universal machine". Some of the applications are themselves universal machines, in effect they are themselves computers, capable of running programs within themselves, i.e. machines running inside a universal machine running inside another universal machine.
To give a very simple example, my JavaScript game PrimeShooter is a "machine" which runs inside your web browser, which can be considered a special type of "universal machine", which itself runs as a program inside the universal machine which is your computer.
This flexibility is what makes computers so powerful, and in particular makes them such good value for money, since one "machine" can do the work of an almost infinite number of other "machines", limited only by the amount of effort that is required to write the implementations of all those other machines.
This flexibility is also what makes computer security so much more complex and difficult than any other kind of security.
Security is all about what other people can't do to you or to your property or (especially in the case of computers) to your information.
But computers are all about the almost infinite number of things that you can do.
One of the corollaries of this power and flexibility is that people are constantly discovering new and surprising threats to computer security. To give an example that wouldn't make much sense to anyone ten years ago: random disgusting pornography appears in your social network account message page because one or more of your social network "friends" unwittingly installed some "app" into their account and gave that app "permission" to do certain things without fully understanding the consequences.
Nobody Knows How To Do Computer Security Properly
Computer security is so difficult that it is safe to say that no one knows how to do it properly.
One proof of this is that no respectable software vendor trusts themselves to produce guaranteed secure software, and it is now routine for all major software applications to include mechanisms for regular security updates to fix any security problems with current versions of software.
(One of the advantages of Linux-style package management is that there is essentially a single place to do all updates, as compared to Windows where you have to press "OK" on Microsoft updates and Adobe updates and Mozilla Firefox updates and Oracle/Sun Java updates and Google updates and Apple iTunes updates and so on.)
The rate of required updates is so large that it is almost impossible to connect securely to the internet on an old-fashioned dial-up connection, because your internet will not be fast enough to keep up with the required security updates.
Learning How to Secure Your Computer On The Internet
I Googled "How to Secure Your Computer", but I could not find any resource that attempted to give the reader a good understanding of what one is really up against when trying to secure a computer.
Most of the sites giving security advice to the "average" user give a list of specific actions to take, without giving any detailed explanations of the threat models that those actions protect against, without describing any general theory of computer security, and without describing the costs or associated risks of the recommended actions in the list. Inevitably the list is finite, so there are plenty of security issues not in the list.
So instead I Googled "How to Base Jump", and I learned the following:
- You should have done at least 100-200 "normal" skydives.
- You should take one or more courses costing thousands of dollars learning about how to base jump.
- Even after doing all that, there's still a good chance you'll kill yourself.
I'm guessing that a similar amount of effort is required to learn enough about computer security, to have some reasonable chance of keeping your own home computer free of nasty software.
You Can Drive Your New Car Off the Lot If ...
To look at a different analogy, how qualified do you have to be to drive a new car off the lot?
In general, you just need a full driving licence, which a normal adult could acquire from scratch with no more than a few weeks of learning and training.
One thing that makes learning to drive easier than it might be otherwise is that cars are legally constrained to be manageable by the average driver.
To put it another way, you don't require a PhD in physics to drive a car. You don't even need to understand what the word "physics" refers to.
A closer analogy with computers is buying a helicopter, and being allowed to fly it home, without any licence or prior training.
The probability of the average person flying a helicopter home without crashing it is approximately zero.
Something similar happens with computers. Within a week, the "average" computer user will probably have something nasty or at least unpleasant installed on their computer. And probably something undesirable was installed on their computer even before they took it home.
The Constrained Computer
One possible solution to this problem is to buy a computer so constrained in its operation that it's not really a computer (i.e. theoretically, it's a "machine", but not quite a "universal machine").
The most well-known example of such an "almost" computer which is more than just a games console is Apple's iPad. The iPad reduces much of the security risk of computing by severely limiting what the user can do to their own computer. The iPad does this by only allowing software to be installed that comes from the official Apple App Store.
This doesn't solve all possible security problems – for example it doesn't protect against various ways in which someone can "break in" to website accounts which don't depend on breaking into the user's own computer. It also forces you to "trust" Apple Inc., whether you like it or not. But it does eliminate a substantial class of nasty things that happen to normal "home PC" users.
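The "universal machine" idea from earlier and the "constrained computer" of this section can be shown side by side in code. Below is an added illustration, not from the original article: a toy stack interpreter in Python that runs whatever program it is given, including one that quietly reads a secret and sends it away, plus an allowlist of operations checked before anything runs, standing in for the App Store model. The op names, the two programs and the secret are all constructed.

```python
# Toy "universal machine": a minimal stack interpreter. READ_SECRET and NET_SEND
# are constructed stand-ins for capabilities a constrained platform withholds.

SAFE_OPS = {"PUSH", "ADD", "MUL", "DUP", "JZ", "JMP", "OUT", "HALT"}


def policy_check(program, allowed_ops):
    """Static review before running, like an app-store gate: list disallowed ops."""
    used = {instr[0] for instr in program}
    return sorted(used - allowed_ops)


def run(program, allowed_ops=None, secret="example-secret"):
    """Execute PROGRAM; with ALLOWED_OPS given, refuse anything outside that set."""
    if allowed_ops is not None:
        bad = policy_check(program, allowed_ops)
        if bad:
            raise PermissionError(f"refused: program uses {bad}")
    stack, out, sent, pc = [], [], [], 0
    while pc < len(program):
        op, *args = program[pc]
        pc += 1
        if op == "PUSH": stack.append(args[0])
        elif op == "ADD": b, a = stack.pop(), stack.pop(); stack.append(a + b)
        elif op == "MUL": b, a = stack.pop(), stack.pop(); stack.append(a * b)
        elif op == "DUP": stack.append(stack[-1])
        elif op == "JZ": pc = args[0] if stack.pop() == 0 else pc
        elif op == "JMP": pc = args[0]
        elif op == "OUT": out.append(stack.pop())           # shown to the user
        elif op == "READ_SECRET": stack.append(secret)      # e.g. a stored password
        elif op == "NET_SEND": sent.append(stack.pop())     # leaves the machine
        elif op == "HALT": break
        else: raise ValueError(f"unknown op {op}")
    return out, sent


# A harmless "application": counts 3, 2, 1 using a loop.
COUNTDOWN = [("PUSH", 3), ("DUP",), ("OUT",), ("PUSH", -1), ("ADD",),
             ("DUP",), ("JZ", 8), ("JMP", 1), ("HALT",)]

# An "application" that shows a correct answer and also ships the secret off-box.
SNEAKY = [("PUSH", 2), ("PUSH", 21), ("MUL",), ("OUT",),
          ("READ_SECRET",), ("NET_SEND",), ("HALT",)]

if __name__ == "__main__":
    print("unconstrained:", run(COUNTDOWN), run(SNEAKY))
    print("constrained:", run(COUNTDOWN, SAFE_OPS), policy_check(SNEAKY, SAFE_OPS))
```

On the unconstrained machine both programs run and the user sees only the 42; on the constrained one the second program is refused before it starts. A static allowlist like this only catches what a program declares, so real platforms pair review with runtime enforcement of the same permissions.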
And If You Want a "Real" Computer?
If you've read this far, you'll notice that I have made some attempt to describe the enormity of the problem which is computer security for the average computer user, but I haven't really specified a full answer, or much of an answer at all.
So I will finish with an outline of a possible solution: those of us who understand something about computer security need to create a website which describes the general theory of computer security, in terms of trust models and the like, written in the simplest and clearest possible language. This theory also needs to give specific examples of security actions that "average" users should take, with explanations of how those actions fit into the general theory, i.e. what the trust model is that is relevant to each action, what is being threatened, how it is being protected, and so on.