The Burden of Protection

As machines evolve, they put more effort into protecting themselves against their users, not always to the individual users satisfaction. But the measures are necessary because our reliance on machines means that any malfunction can have consequences that go far beyond one persons inconvenience.

Thats the dilemma facing builders and buyers of information systems as the complexity and the criticality of those systems continue to increase.

/zimages/4/28571.gifClick hereto read more about Intels new way to de-worm PCs.

The Asimovian notion of systems defending themselves and others against human abuse—shades of the masters “I, Robot” stories—comes to mind as we learn of

Intels research into a so-called Manageability Engine, discussed at the Intel Developer Forum in San Francisco late last month. Intel Corporate Technology Director Justin Rattner spoke there about “systems with the ability to do no harm,” aimed at the problem of worm and virus attacks that spread too quickly to be countered by any process thats slowed by human reaction times.

Intel researchers propose to automatically detect patterns of activity that may indicate an attack, as well as activate a control facility to block the activity. As much as we applaud the concept and believe in Intels ability to make it real, were also concerned about the ways that this approach could go wrong.

A legitimate but unusual surge of activity in a system, such as a public-safety systems response to a disaster situation, could perversely trigger a “protective” reflex that hampers the systems ability to do its job at just the time that peak performance is most important. Attackers, moreover, will doubtless find methods to induce a system to misbehave in a way that turns protective features against themselves, launching new forms of DoS (denial of service) attacks that come from within the system itself.

It may be a neat science project, but any approach of the kind that Intel describes must grapple with real-world situations rather than laboratory test-case conditions.

A system thats genuinely capable of telling the difference between legitimate and malicious computer and network use would be more than just a neat hack. It would be a breakthrough in machine intelligence. Meanwhile, theres an urgent need for IT operators to do more with the kind of intelligence thats already at hand. Client machine configuration lockdowns, careful management of digital asset privileges, effective user training, good usability engineering and prompt remediation of known vulnerabilities are measures that are within our power now to employ.

Networked computers are morphing into a public forum for government services, commercial transactions and entertainment offerings. These systems must be responsibly managed using prudent practices devised by those who understand technologys limitations. If not, they may wind up laboring under the burden of heavy-handed safeguards imposed by lawmakers who only understand that the voters are frightened and angry.

Tell us what you think at eWEEK@ziffdavis.com.

/zimages/4/28571.gifCheck out eWEEK.coms for the latest news, reviews and analysis in programming environments and developer tools.