The fundamental flaw in PC security March 8th, 2007
Heard in the antispam community (and reproduced with permission):
The fundamental flaw in the idea of DRM is that it's not possible to simultaneously show something to someone, and not show it to them.
Is the fundamental flaw in PC security that it's not possible to simultaneously allow users to execute arbitrary code (or make arbitrary network connections, or whatever) and not allow them to?
Huey Callison
Astute, I thought. I've known for ages that the RIAA is ripped off repeatedly by crackpots who claim to have the final ultimate solution to digital rights management, because of this problem. But it had never occurred to me that PC security is the same class of problem.
Until users can't execute arbitrary code on their own personal computers, the security of those computers is a measures / counter-measures game at best.
This is worth bringing up next time someone in the board room laughs at you for suggesting you deliver application functionality via the web.