Skip to Content

Measuring Security

There’s really no way to compare two computers running two different operating systems, Web browsers, or any other type of program and definitively say which one is more secure. That makes it hard for governments and businesses to decide how best to spend money on security–or even how much they should spend in the first place. It’s difficult to know whether a security product is effective or just has good marketing.

Consider virus scanners. They automatically examine files for malicious software, but they can only detect malware that’s already been identified. So a scanner can’t say that a computer system has zero viruses–it can just say that a system doesn’t have any of the viruses the scanner was designed to catch. But unknown pieces of malicious code have been responsible for many of the most devastating attacks to date, including the much-publicized attack on Google earlier this year.

It used to be that there were surefire ways to know your system had been hacked. Files would be deleted; attackers would alter your website or make your system crash and ask for ransom. Today, however, the goal is to steal information or take control of a computer without tipping off users. Because many attacks go unnoticed, there are no truly reliable statistics about how many computers are compromised, let alone statistics that can measure the full economic impact of these intrusions.

And yet people are trying. Research projects at the Idaho National Laboratory, the U.S. Department of Defense-sponsored Institute for Defense Analyses, and MIT Lincoln Laboratory are all attempts to develop ways of measuring security. If these projects can successfully create a set of standardized metrics, it will be easier for companies that create good products to reap a return on their investments in research and development, rather than competing on a level playing field with those who simply have a huge marketing budget and those who are selling snake oil. In the meantime, the attackers gain ground.

Keep Reading

Most Popular

A Roomba recorded a woman on the toilet. How did screenshots end up on Facebook?

Robot vacuum companies say your images are safe, but a sprawling global supply chain for data from our devices creates risk.

A startup says it’s begun releasing particles into the atmosphere, in an effort to tweak the climate

Make Sunsets is already attempting to earn revenue for geoengineering, a move likely to provoke widespread criticism.

10 Breakthrough Technologies 2023

Every year, we pick the 10 technologies that matter the most right now. We look for advances that will have a big impact on our lives and break down why they matter.

These exclusive satellite images show that Saudi Arabia’s sci-fi megacity is well underway

Weirdly, any recent work on The Line doesn’t show up on Google Maps. But we got the images anyway.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.