When you want to protect something there are many ways to go about it. It does not matter if you are in the real world or in the virtual one; you will find that there are several ways to protect the items that you own. For example, in the real world if you had an item that you wanted to secure you could go several routes. One route is that you would buy a lock and lock the item up. If it was too small for a lock you would then instead buy a safe and place the item in there. This should be enough to stop most criminals who would try to steal this item. The amount that you paid for the safe or the lock would all depend on how expensive or important the item was to you.
In the virtual world, you could do the same thing. But instead of buying a lock you would place a bit of encryption around the item. This would mean that no one would be able to get in at all without your permission. You would be the only person that was able to get in because, just like in the real world, you would have the key. Instead of a physical key in your hand it would be a digital key. And just as in the real world, where you have to pay for different levels of quality with your locks or safe, the quality of encryption differs as well. The amount that you pay to keep the file or files safe would all depend on how important the item is to you. Luckily these days there are a lot of quality encryption solutions that cost nothing but the time to learn how to use them.
Security by obscurity
For both of these scenarios the second way that you could secure your items is to hide them. Hiding is an age-old way of securing something and it has worked in the past. When a pirate wanted to secure his treasure he would bury it somewhere so that no one would be able to get to it. But while the hiding option can work, it is still not very secure. If someone were to find the map of where the treasure was, the pirate’s gains would be gone.
In the digital world, using the ability to hide as your security is known as security through obscurity. This means assuming that no one knows how to crack your software, or that not enough people know about it or use it, so there is no need to think about security that much. And while people said this was not a true security model, there have been some examples of it holding up under scrutiny. For example, for years Apple products were known to be the computers that did not get viruses. Apple devotees were happy about this and made sure to rub it in the faces of other people who used different operating systems. But recently the profile of Apple computers has risen tremendously. Now you are starting to see different types of malware penetrate the system.
With great popularity comes big exploits
And that is the problem with security through obscurity. Because most people want their products to be successful, the model is flawed. As soon as your product starts to get noticed by the black hat community, you start to see problems.
When it came to Apple computers, the problem was not that they were unknown. Apple computers are very popular in the programming community. The problem for black hat hackers was that not enough regular people used the computers to make it worthwhile to develop an exploit for them. You need to have a wide range of people to target for an exploit to work. If you do not have that then there is less chance that you will be able to infect someone and your exploit will be a failure. So since most of the population uses the Windows operating system on their computers it then made more sense to go after them. When Apple computers and products became popular, all of a sudden a number of security flaws started to show up.
But Apple is not the only company that tries to have security through obscurity. This line of thinking has run rampant in the development community for a long time now. While the big companies can be bad, the individual developer can be even worse. But that is less their fault since they do not have the resources to be able to handle the security testing that is needed to make sure an item is safe.
If you are a developer you have to remember that you need to learn about security just as much as you need to learn about the latest programming technique. If you do not then you will find yourself paying a huge cost down the line when your software is actually popular.