craigwblake | 11 years ago

Let's put those numbers in perspective, though. The CDC [1] claims that 600,000 people die per year due to heart disease, most of the causes of which (again according to the CDC) are people's choices in food and drink. That's pretty good evidence that food, on the whole, is not safer now.

1. http://www.cdc.gov/heartdisease/facts.htm

schoen | 11 years ago

Seems to be an interesting difficulty in terms of whether the dangers in food are ones that people consuming it can expect to perceive. In an era when food poisoning was more common, maybe a lot of people knew quickly whether the food they ate had harmed them; now folks eating junk food might have to wait years to experience some of the adverse effects, and can't really relate those effects to a particular purchase or product or vendor.

I worry about a similar thing for computer security. A lot of the threats that we used to think about in terms of, say, viruses, wanted to get the user's attention either through innocuous mischief, or by showing off with spectacularly destructive behavior, like deleting files or crashing the machine or even erasing the hard drive. "Look at me, I infected your computer!" And later we saw adware which tries to get the user's attention for marketing purposes (which is definitely still a thing).

But now a whole lot of attackers have a goal of long-term, pervasive, covert compromise, to be used selectively later on -- botnets for DDoS attacks and spam, keyloggers for delayed financial fraud or government surveillance, "advanced persistent threats" to compromise infrastructure, maybe in service of transitively compromising other infrastructure.

http://www.isaca.org/chapters2/Norway/NordicConference/Docum...

So in the past there was a common expectation that a virus would do something that the user could notice, or else what's the point? Whereas nowadays if someone says "the government is spying on me, my computer displayed a weird security warning message" it tends to reduce the credibility of the claim, because we expect that botnet developers and government hackers are as covert as possible, delaying the moment when victims of compromise would notice anything's wrong as far as possible, trying to break or obfuscate the link between the attack and its results as much as possible.

So in one sense computers have also gotten more dangerous because there are more powerful and pervasive attackers, but in another sense there may be a trend away from risks of getting any kind of malware whose effects you will notice any time soon.