@masonwheeler said in Equifax Part 2:
@lb_ Cars are still ridiculously safe. Stupid user actions that would have killed the stupid user 20 years ago can now be walked away from, which I think is the point the author was making there: you can't prevent stupid, but you can mitigate the damage. (Just look at the guy who lost control of his Tesla and it jumped off the road, went right through a brick wall, plowed into a tree and then caught fire and he and his passengers all walked away from it unharmed!) They've done that with cars, but much less so with computers.
I see a huge flaw in the analogy, though. With cars, there are scenarios that must be protected against regardless of how the scenarios occurred: Keep the passengers from hitting hard surfaces at high speed, limit bodily movement in the event of collision, etc. That's why we have such advanced safety features, yet there are still holes that we are working to fill. Of course, when it comes to vehicle safety, we are working against essentially known quantities: the laws of physics.
Now, like cars, computers do have some static scenarios that must be guarded against no matter what, but the problem in those scenarios is that we are working against constantly evolving antagonists. If hackers were only using the same tactics now that they used 5, 10, or 20 years ago, hacking would likely be a non-issue. But on top of that, there is also the concern of protecting against bad behavior under only specific circumstances. How do you detect a good login versus a bad login, without inconveniencing the user? Or is it worth inconveniencing the user? How do you improve the install process to allow the user to install the software they want, while preventing the install of constantly evolving malicious software?
The analogy sounds nice on the surface, but the problems are worlds apart.