15 Apr 2011
The security industry should focus more on embedding security in hardware rather than software.
This is according to Paul Kocher, president and chief scientist at security firm Cryptography Research, and it goes against what many commentators on the subject argue.
Speaking exclusively to Computing, Kocher said that security software may be effective against viruses, but it won't withstand a persistent targeted attack.
"Security software is best at addressing threats such as viruses that propagate widely and are therefore known to the security software developer.
"Security software can also help limit the amount of functionality that a malicious adversary can directly access, but is much less effective against targeted, customised attacks."
Those who argue against security embedded in the hardware say that hardware isn't adaptable to new threats.
For example, Jay Abbott, director UK threat and vulnerability management, PwC, said: "Moving security into hardware brings performance and complexity increases, but also creates inflexibility to change."
But Kocher explained that even a perfectly written piece of security software still won't necessarily protect a device from failures in other programs.
"Suppose you write a secure email application and, for the sake of argument, make your program completely bug-free. Even though your program is perfect, your users will also run other applications.
"For example, if a user visits a web site that exploits a vulnerability in the user's web browser, an adversary can install some malware on the user's computer. Even though your application was not at fault, that malware can compromise the security of your email program."
Security in hardware will help protect against software vulnerabilities elsewhere, he said.
"With hardware you can achieve much better separation. For example, if the email application and the browser ran on separate computers, vulnerabilities in the browser wouldn't automatically compromise the email application."