… And just buying you time with the dishonest ones.

Which is the great truth. Security just buys you time. If a burglar really wants to get into your place, they will.

But more often than not, they’ll move on to the easier target.

Figure: Bank robberies by month, January 1998 to April 2002

We saw this in the 1990s, when banks installed anti-hold-up security screens. The criminals just moved on to easier targets, such as petrol / gasoline stations.

So it is with computer security. You want to do as much as you can, so that the bad guys move on to the next system.

Sure, the things you do ARE going to devalue over time. New vulnerabilities will be discovered in your security measures*, so you need to regularly assess what else can be done to improve your computer security. Microsoft recognised# this when they developed the SDL (Security Development Lifecycle), and they use it to this day. You can see the benefit of this by looking at a comparison between Vista and XP right here.

Figure: First Year of Vulnerabilities, XP and Vista Comparison

Which brings us to “Security by Obscurity”+. Yes, it’s a good thing in my opinion.

Why? Because it gives you a layer of defense against dishonest people (primarily talking about script kiddies here). But it had better not be the only layer in your computer security plan.

Want to learn more about security? "Well here’s the deal!", as the man said. Invest some of your time in Kai’s security webcasts. I’ve blogged about them before.

Update: Or perhaps it’s "Aggressive Kindness"

~~~

Dale’s past experience includes performing risk assessments for desktop systems, reviewing desktop security audits, and working on a holdup alarm desk in the retail banking industry.
He knows there’s no money in robbing a bank.

* The discovered flaw with anti-hold-up screens was the staff entry door next to the bank teller counter. A 14-pound sledgehammer made for quick/effective entry. Until bank security fixed that flaw.

+ IBM relied on this with the MVS system. If you had access to a terminal, you could cause a denial of service. The security risk assessment didn’t take into account publicly accessible terminals (think public libraries).

# What they recognised was that a number of their products were not designed well from a security point of view.

References:

Australian Institute of Criminology, No. 253, Bank Robbery in Australia
