How effective do you think security by obscurity is?

Discussion in 'polls' started by Sully, May 3, 2013.

Do you think security by obscurity is

  1. Very effective for how I do things

    12.1%
  2. Moderately effective for how I do things

    24.2%
  3. Would provide minimal benefits for how I do things

    24.2%
  4. Offers nothing for me at all

    39.4%
Multiple votes are allowed.
  1. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,215
    I think it's the question of security by functionality.

    For example, a non-JS capable PDF reader.
    Automatically, you eliminate 99% of all PDF exploits.
    But people might ascribe this to their product being obscure.

    Sometimes, it's the simple lack of visibility.
    But sometimes it's the functionality that causes obscurity.
    Because if it's as good, then it ought to become popular - e.g. Firefox.

    It's virtually impossible to separate functionality from pure obscurity.
    Moreover, which one dictates which? Do you choose obscure products?
    Or you choose functionality - and it happens to be obscure.

    Mrk
     
  2. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    I voted moderately effective. I normally wouldn't prefer it as a model, say going with an OS without much security software but is non-Windows so you know it's targeted less. I'd rather have the tools to go along with my ability to harden and get a Windows OS closer to another one that's hard right out of the box.

    But as an XP Pro user (still), I am in some regards relying on this approach at this point, so I can't ignore it. I very well may even use it past its EOL, and at that point I'll be relying on it even more so. Right now XP isn't being targeted nearly as much as Vista/7/8, and that's good news for me. And if I limited my attack surface (greatly), it benefits me even more, which is why now more than ever I'm on that mission. Which is why when I see a tool like EMET I wonder to myself... is it worth taking on the surface of .NET FW v4 to use this thing to prevent exploits that probably will never find their way onto an XP box not running Java, or coincidentally .NET FW in the first place? And ultimately decided that the answer to that was "No" in the end.

    Though I do look very forward to Open EMET, or any tool that does the same thing without adding attack surface. So I wish Godspeed to LarryPepper on that...
     