Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

  • Akamai’s operations center can monitor attacks, but there is no definitive way of gauging how secure the network is.
  • Intelligent Machines

    Measuring Security

    There’s really no way to compare two computers running two different operating systems, Web browsers, or any other type of program and definitively say which one is more secure. That makes it hard for governments and businesses to decide how best to spend money on security–or even how much they should spend in the first place. It’s difficult to know whether a security product is effective or just has good marketing.

    Consider virus scanners. They automatically examine files for malicious software, but they can only detect malware that’s already been identified. So a scanner can’t say that a computer system has zero viruses–it can just say that a system doesn’t have any of the viruses the scanner was designed to catch. But unknown pieces of malicious code have been responsible for many of the most devastating attacks to date, including the much-publicized attack on Google earlier this year.

    This story is part of our July/August 2010 Issue
    See the rest of the issue
    Subscribe

    It used to be that there were surefire ways to know your system had been hacked. Files would be deleted; attackers would alter your website or make your system crash and ask for ransom. Today, however, the goal is to steal information or take control of a computer without tipping off users. Because many attacks go unnoticed, there are no truly reliable statistics about how many computers are compromised, let alone statistics that can measure the full economic impact of these intrusions.

    And yet people are trying. Research projects at the Idaho National Laboratory, the U.S. Department of Defense-sponsored Institute for Defense Analyses, and MIT Lincoln Laboratory are all attempts to develop ways of measuring security. If these projects can successfully create a set of standardized metrics, it will be easier for companies that create good products to reap a return on their investments in research and development, rather than competing on a level playing field with those who simply have a huge marketing budget and those who are selling snake oil. In the meantime, the attackers gain ground.

    Want to go ad free? No ad blockers needed.

    Become an Insider
    Already an Insider? Log in.

    Uh oh–you've read all of your free articles for this month.

    Insider Premium
    $179.95/yr US PRICE

    More from Intelligent Machines

    Artificial intelligence and robots are transforming how we work and live.

    Want more award-winning journalism? Subscribe and become an Insider.
    • Insider Plus {! insider.prices.plus !}* Best Value

      {! insider.display.menuOptionsLabel !}

      Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

      See details+

      What's Included

      Unlimited 24/7 access to MIT Technology Review’s website

      The Download: our daily newsletter of what's important in technology and innovation

      Bimonthly print magazine (6 issues per year)

      Bimonthly digital/PDF edition

      Access to the magazine PDF archive—thousands of articles going back to 1899 at your fingertips

      Special interest publications

      Discount to MIT Technology Review events

      Special discounts to select partner offerings

      Ad-free web experience

    • Insider Basic {! insider.prices.basic !}*

      {! insider.display.menuOptionsLabel !}

      Six issues of our award winning print magazine, unlimited online access plus The Download with the top tech stories delivered daily to your inbox.

      See details+

      What's Included

      Unlimited 24/7 access to MIT Technology Review’s website

      The Download: our daily newsletter of what's important in technology and innovation

      Bimonthly print magazine (6 issues per year)

    • Insider Online Only {! insider.prices.online !}*

      {! insider.display.menuOptionsLabel !}

      Unlimited online access including articles and video, plus The Download with the top tech stories delivered daily to your inbox.

      See details+

      What's Included

      Unlimited 24/7 access to MIT Technology Review’s website

      The Download: our daily newsletter of what's important in technology and innovation

    /
    You've read all of your free articles this month. This is your last free article this month. You've read of free articles this month. or  for unlimited online access.