Tuesday, September 14, 2010

maybe they should ban computers while they're at it

(look what i found in my drafts folder - i knew i had written about this at the time but i've been having a devil of a time trying to find it in order to refer back to it. how did i not hit the publish button? apparently this incident triggered what has now become known as operation buckshot yankee.) 

[originally written nov. 22, 2008]

so the US military, unable to get a handle on the spread of malware by USB drives, has opted to ban the drives outright in order to deal with the malware...

there are easier ways to deal with autorun malware (like disabling autorun, deploying application whitelisting technology, or even setting up something like sandboxie to only open USB drive content in a sandbox)... banning USB drives strikes me as a move made out of desperation by someone who doesn't understand the nature of malware and why/how it spreads...

any organization (be it a company, school, government agency, or the military) that wishes its members to utilize computers for some non-trivial task is going to employ some kind of division of labour... that means different people will work on different parts, often at the same time and so requiring different computers... in order to combine the fruits of their labour and achieve the organization's goals it is necessary to share the outputs of their efforts... removable media like USB drives are just one path through which data can be shared between computers... any path that can be used for sharing data can also serve as a vector for malware...

banning usb drives may block this one form of malware (though since they don't appear to be implementing technological preventative controls, but rather administrative preventative controls backed by technological detective controls, i suspect they won't be entirely successful), but it leaves open the threat from CDs/DVDs/floppy disks, email, network connections in general, etc... if you're going to try to block malware by banning its attack vector then you might as well do it for all the attack vectors, but that's going to make the division of labour in a computer-dependent project impossible to support because it will leave no paths for sharing data... without the division of labour, non-trivial computer-based tasks become next to impossible, leaving only trivial computing tasks... but then, if you can only do trivial computing tasks, what good is a computer to you? not much...
