Computer Security Versus Actual Computer Use
At what point do our computers spend most of the time keeping us "safe" vs actually doing the work we bought them for?
This question has been popping into my mind more and more lately, most times when I'm using a Windows machine or helping someone who does. It also comes up when people tout the importance of web application firewalls, VPNs, log analysis programs etc, etc.
These things have their place, but when I'm compiling software that takes a while, or a server is taking too long to boot or waiting on an HTTP request to complete, the extra overhead seems undesirable.
I recently set up a new machine for development, this time I decided against encrypting my home partition. Before this, writes to disk had been slow, particularly when creating and destroying databases. Now that I have disabled it, I spend less time waiting on IO to complete.
The risk of Captain Gary seizing and seeing my source code is something I will have to live with because I really can't stand a slow develop/feedback loop.
On a typical Windows machine you might find an anti-virus installed, scanning the machine for threats. This anti-virus may ship with a browser extension (or browser hack) that checks every link the user visits to see if it is malicious. Some even go as far as parsing downloaded scripts before they are executed, leading to more problems. Madness!
This is not a world people should grow accustomed to!
For a while now, anti-virus software has been available for Android and for a while now, I have wondered what's the point? This is a platform that does not provide privileged access by default. The most antivirus software can do is check you folders for known malware. This is a function that could be replaced by not downloading and installing every random thing you find online.
Worse yet, mobile phones tend to be resource constrained, adding a program that wants to periodically scan the file system seems like a bad idea. Then again, one may be able to argue, that by making the phone unusable, the antivirus program effectively maximizes its security.
Jokes aside, the state of computer security is nothing to laugh at. It does need to be taken seriously but it should not be prioritized over actual computing. The solution for a lot of these issues lies in the actual design of the software and systems we use and unfortunately as time rolls on and they become more integral, it's hard to change them.
That's why I believe experimentation and research is important. New developers and engineers should not be pushed to "fall in line" by learning this framework or library. Instead they need to be encouraged to question the way we have come to do things and whether they can come up with alternatives or solutions.