Are Security Threats More Significant Today?
It's hard to escape that perception that the computing networks face an ever-expanding number of threats, as well as a significantly higher level of potential risk.
Few topics have resonated through the years at VSM like security.
This remains as true now as when I started more than 11 years ago. Security-based articles are among the most popular topics that we run. They also rank high among the user requests, especially articles that cover security from a Web perspective.
The recent flurry of security patches from Microsoft for IE7 prompted a couple readers to write to the editor's inbox (email@example.com) to comment, not just on the frequency of attacks you see now, but on how the risks associated with these attacks have grown over time. The readers contended that it can be daunting living in the current computing environment, with so much at stake, while relying on tools that have security issues beyond your personal control as a developer.
I agree with this much: The threats you face today seem far more serious than those faced by organizations 20 years ago. At that time, the biggest aim of people who exploited security was typically nothing more sinister than to publicize their own hacking prowess. Then, as now, there existed a subculture where people would share hacked versions of software programs, especially games. Notwithstanding the movie War Games and the paranoia that ensued, the consequences of hacking then were relatively limited. From a monetary standpoint, the biggest issue then was probably piracy.
Of course, the ubiquity of personal computers and the presence of the Internet have a lot to do with the difference in perceived threat. We use computers more, we put more important information on them, and we use them in ways that make this information accessible under the wrong circumstances to people who would exploit this information.
That said, I don't think the world necessarily gets more dangerous over time; rather, our perception of the dangers seems to grow. When I was young, I remember thinking about how scary the world was for kids of my era, how the world itself seemed perpetually poised on verge of collapse and annihilation. The specifics of why have gradually faded into the recesses of time—I have vague recollections of long gasoline lines and razor blades hidden in Halloween candy. I remember well the fear of nuclear annihilation.
Once, I shared this view with a high school classmate. Julie Porter, wise beyond her then 17 years, basically responded: "I think you're right. It does feel scary to grow up now. But I'll bet you every generation thinks this. I'll bet our parents thought that. And our children will think that. And I'll bet the cavemen felt the same way when they went out to hunt food while ducking dinosaurs." (You'll have to remember: Mine was the generation that grew up with Land of the Lost on TV—man and dinosaur coexisting seemed perfectly natural.)
Her argument sticks with me more than 20 years later. And I'll bet today's world seems scarier to today's youth than did the one I grew up in. Sure, nuclear annihilation has been moved to the backburner of daily concerns, but it's been replaced by the specter of complete environmental collapse and global warming. The cycle continues.
The same is true of today's computing environment. We face a wider range of more sophisticated attacks today than we did ten years ago. And the consequences of these attacks can be more significant. There remain hackers today who do it for the glory, but there is also a mercenary strain that is out to compromise credit cards and other personal information that can be leveraged for identity theft and other purposes. But there is this, too. The attacks are more sophisticated, but so are the defenses. Computer vendors have poured enormous resources into countering these threats, and, while there continues to be an arms race between hackers and software providers, it remains a race. Consumers and businesses have many options for minimizing their security risks.
We at VSM will continue to cover security much as we always have, giving you the information you need to fend off attacks from would-be threats to your networks and businesses. And we'll do so from a proactive standpoint, not just apprising you of your potential risks, but also providing solutions and workarounds to minimize these threats to your environments.
Talk Back: Do you think that developers face an intrinsically more dangerous security situation today than they did 10 years ago? Why, or why not? Tell me at firstname.lastname@example.org or post a response to my column below.
Patrick Meader is editor in chief of Visual Studio Magazine.