I saw a bumper sticker the other day that made me think about the trite things often said in InfoSec. The bumper sticker said (paraphrasing):
“War never solved anything, except ending communism, fascism, nazism, and slavery”
While somewhat nonsensical, I’m sure a lot of folks cheer the sentiment. I really wasn’t in the mood to interrupt my vacation to discuss the state of global communism, the fall (and pending rise) of Russia; China, its sphere of influence, and the economic power wielded there. Nor did I wish to engage on fascism’s passing due to natural causes when Franco died a comfortable old man. I’ll give him the nazism thing, but given the number of people enslaved globally that is far from “ended”.
My point is not about the politics of war, but about the temptation to buy into things which “sound right” and make you feel good. Things are rarely that simple. Let’s consider anti-virus, the Schrödinger's cat of InfoSec (reported to be both dead and alive, and we don’t know for sure until we open the malware). The truth is that it is alive, but sickly; hairballs everywhere in spite of special diet of CPU and RAM.
If the answers were bumper-sticker-easy, InfoSec wouldn’t be fun. Of course, some days (especially post-vacation Mondays) I would settle for less “fun”.