Matt Cutts Promoting Security By Obscurity?
Matt Cutts has recently posted an article about Fuzz Testing.
For those of you who are unaware, fuzz testing is the art of testing a piece of software by giving it random input. The reason this can be effective is that it can trigger unforeseen bugs within an application. In fact, Matt gives an example of tests carried out on UNIX software, which found that a substantial percentage of the programs were vulnerable: the fuzz testing caused the applications to crash.
The bulk of the article is about how Google has a job on its hands and has to account for almost every eventuality. But he then goes on to show that you, the user, have a role to play as well. Your role is ensuring that the software you run is fully updated and hardened as much as possible.
One thing that worries me, however, is in the list of things Matt says you should take away from his article. The 3rd point on the list is as follows:
If you’re an internet user, make sure you surf with a fully-patched operating system and browser. You can decrease your risk of infection by using products off the beaten path, such as MacOS, Linux, or Firefox.
Why is this so perplexing? Well, it is quite simple. Matt seems to be encouraging people to use software that is not considered the standard. Although these pieces of software are very good (and I use 2 of them myself), he is in fact promoting what is akin to security by obscurity. The majority of web exploits at the moment are geared towards Internet Explorer for 1 very good reason: Internet Explorer is the standard. However, in this example, Firefox is gaining ground at an extremely fast rate.
Once hackers and malware makers decide that a big enough percentage of users are using a different piece of software, they will in fact start exploiting that more. Where will that leave you? Well, if you simply changed software thinking it would make you safer, the chances are you will not be safe. You will most likely not have taken any steps to make your PC more secure.
By all means, if you wish, do change the software you use, but also ensure that your operating system, firewall, antivirus, browser and any other pieces of software are kept up to date. Do not become complacent, thinking you are safe because you are using a piece of software that is not considered a standard.