From the mouths of “experts”
There is only one problem with experts –
they are PEOPLE, too! 
In California, we have a lot of what I call “Voodoo Medicine” and “Voodoo Nutrition” (by analogy with the Reaganomics synonym, “Voodoo Economics”). Coming from an educational background in the biological sciences, I know a bit about how much is UNKNOWN in metabolism and regulation, and how complex biological systems, such as natural environments and the human body, actually are. When I hear claims from “experts” about types of “Voodoo Medicine” and “Voodoo Nutrition,” let’s just say that I am “skeptical.”
Information systems are complex too, and created and run by PEOPLE.
On February 1, I saw the title of an interesting article by Elinor Mills of CNET, who did such a good job informing us about the Google + Adobe + “the Silent 32” who were attacked, apparently from China, through a defect in Internet Explorer 6, 7, and 8 that has since been patched. The title is: “In their words: Experts weigh in on Mac vs. PC security.”
Ms. Mills conducted an informal survey of security experts, and included edited comments from an interview with Microsoft and a link provided by Apple. She started, interesting enough, with a bar graph of the perceptions of Americans with regard to security on Mac and PC.
Then came the comments from experts… but unfortunately, THEY are PERCEPTIONS, TOO!
The comments make FASCINATING reading, and for the most part, I will let you read them yourselves, rather than quote many of them here. Perhaps the comment of Paul Ferguson, network architect at Trend Micro is most informative:
Many of the other comments reflect the position of the “expert,” often working for a company serving customers on both Mac and PC. The expert is not free to speak his/her mind publicly, since the expert is not allowed to alienate customers.
Another consideration is that the upper management and executive experts that were questioned, beside being EVEN MORE aware of the dangers of alienating customers, are predominantly Myers -Briggs “thinking-judging” personality types, simply because these types are “selected for” at higher levels in organizations. Such types often do a lot of “judging” with very little “thinking,” coming to snap judgments with very little (insufficient? ) data.
I found a comment by “3ric” Johanson, security researcher, to be very “telling:”
This gentleman seems to find the statistic of “published vulnerabilities per user” to be all that is necessary to answer the question from CNET, as though that one satisfying statistic was perhaps all that was needed to make up his mind. Personally, I find the statistic of “published vulnerabilities per user” to be insufficient to answer the question and insignificant all by itself – but that is just me, since I don’t make snap judgments with little data (which is plural, by the way).
If you read the comments by “experts,” you will find everything from faulty logic, to personal prejudice, to “begging the question,” to semantic arguments about the word “security” vs. “safety” vs. “riskiness.” There are arguments about the much improved security of Windows 7, which just came out and which comparatively few people are using, yet (or perhaps, even TARGETING yet ). In the “real world,” people who visit my Web site on Windows PCs are running predominantly XP, and SOME (remember, the “World Wide Web” is “worldwide”) are running Windows 3.1! (This version of Windows might be from before some of you were born.)
Other comments by “experts” might be related to “job security.” If you are working as a security expert in a “Windows shop,” you MIGHT NOT want to say many bad things about Windows.
ALL of the comments from experts suggest that WHICHEVER conclusion was reached, a conclusion WAS reached by the expert who was questioned. The conclusions were reached in very HUMAN ways, by different people and personalities, and the experiences of the experts led to DIFFERENT conclusions.
The comments reminded me of a true story told in graduate school about two different biochemistry professors from different countries who always disagreed about the results of a particular experiment. The professors agreed to work in the same lab to run the experiment. In looking at the same results from the same experiment in the same laboratory, side by side, the professors came to DIFFERENT CONCLUSIONS!
There seemed to be at least a majority of folks interviewed in the CNET article who agreed that market share, “human engineering” (getting a human to click a link), and applications (rather than operating systems) are important with regard to security today.
Enjoy the article. It tells much more about human beings than about operating systems.
Be careful when you trust “experts.”
-Bill at
Cheshire Cat Photo™ – “Your Guide to California’s Wonderland™”
You can view higher-resolution photos (*generally* 7-30 megabytes, compressed) at the Cheshire Cat Photo™ Pro Gallery on Shutterfly™, where you can also order prints and gifts decorated with the photos of your choice from the gallery. Apparel and other gifts decorated with some of our most popular photos can be ordered from the Cheshire Cat Photo™ Store on CafePress®. Both Shutterfly™ and CafePress® ship to most international locations worldwide! Framed prints and prints on canvas can be ordered from our galleries on imagekind® and redbubble®. All four locations are accessible from here. If you don’t see what you want or would like to receive an email when new photos are up on the site, send us an email at info@cheshirecatphoto.com.
©2010 William F. Hackett. All Rights Reserved.
