Article

Internet complexity, insecurity could stifle innovation, expert says

Robert Westervelt, News Director

ORLANDO, Fla.-- Security pros are constantly weighing whether a new security policy could be costly to employee flexibility and productivity. But in recent years, one expert says, less flexibility appears to be the new standard as vendors protect their products from Web-based attacks -- and it could stifle technological innovation.

"The Internet has so many different moving parts and so many different independent hands involved that it's too difficult for anybody to do anything to make it more secure," said Jonathan Zittrain, professor of Internet governance and regulation at Oxford University and co-founder of the Berkman Center for Internet and Society at Harvard University.

While personal computers and devices are protected by firewalls and security software, attackers are finding other avenues of attack. Device makers are responding by locking down devices and configuring them to automatically update, but the result is less flexibility for their owners, Zittrain said. Like a home appliance, the devices can be easily used by their owners, but little can be done to update the internal software or configure them to make them work better.

"There's a movement to turn the PC into things like the Tivo or BlackBerry, which are tethered to their maker," Zittrain said. "The makers of a device are now determining what you can do with it."

    Requires Free Membership to View

The Internet has so many different moving parts and so many different independent hands involved that it's too difficult for anybody to do anything to make it more secure.
Jonathan Zittrain
professor of Internet governance and regulationOxford University
Zittrain gave the opening keynote at the Infosec World Conference and Expo, where security pros are gathering to attend a variety of sessions to learn about securing applications and systems from growing Internet threats. Zittrain's hour-long presentation was more like a history lesson, showing how computing devices and the Internet got its start and why the growing complexity of the Internet has increased dangerous threats and could result in less productivity.

Zittrain talked about his work as co-director of StopBadware.org, a Web site that is aiming to be a central clearinghouse for research about Websites that are configured to immediately dispense malware when visited. The goal is to slow the spread of malware by getting the sites labeled by Google and other search aggregators if they contain spyware or deceptive adware, he said. So far more than 31,000 Web sites were found to be configured to dispense malware when visited. Still, the complexities of the Internet is making enforcement of rules and regulations virtually impossible, Zittrain said.

To deal with Web uncertainties, vendors are turning their software into a service, to protect it from vulnerabilities that can be exploited by attackers. Zittrain and other experts who are studying what can be done to better secure systems and devices from Internet attacks say Internet service providers need to take a greater role in securing Web traffic.

"You don't want to let your channel of communication rules be the same channel for executable code," Zittrain said. "One hopes that ISPs take a greater responsibility."

For now, some companies are locking out employees from certain productivity tools and some vendors are tightening their grip on their proprietary software. So far the strategy is helping defend against the bad guys, said Cleveland Greene, a Department of Defense systems analyst based in San Antonio, Texas.

"You've got to increase security and you're going to realize that trade-off, which means employees will be locked into their specific business process," Greene said. "If we're gong to win the battle you've got to accept that trade-off."


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: