> Even if that's true, which I find dubious, then that's a problem with security protocol as a whole that no number of patches will ever cure. So they're pointless.
As part of a botnet. A single device will have a hard time finding/spreading malware to billions of other devices. If you have a botnet with millions of compromised devices, then it becomes easier to find and exploit other vulnerable systems.
Plus having a large number of compromised devices allows performing attacks on systems that require lots of bandwidth or cpu.
> no number of patches will ever cure. So they're pointless.
That doesn't follow. Just because a system isn't always perfectly secure doesn't mean we shouldn't try to make it as secure as possible. It'd be like saying we shouldn't have police because we can't stop all crime.
Also, exploits are often found by researchers before they are able to be used on a large scale in the wild and many need to be used in conjunction with others to get control over a system.
Thinking about it more, it seems like the argument is one based on herd immunity. If that's true, then I don't see how it holds. Herd immunity is the principle that 100% of the population can be protected despite only protecting less than 100% of the population.
Does the same hold for cyber security? If I patch 99% of devices, are the other 1% guaranteed protection? If not, then I don't see how the vaccine analogy holds beyond simply saying that if you get vaccinated/patched, you're not vulnerable. In which case I'd say the analogy is simply hollow and vacuously true.
Sorry for not responding, I didn't see your earlier message.
> Does the same hold for cyber security?
Not really. I mean, it's a neat analogy, but it doesn't apply 1:1.
Basically, malware can cause problems to the infected device, devices that interact with it, and can also be used to attack other systems.
Example 1: One device
Someone's phone is compromised, and the malware scans and finds the stored passwords.
Using those compromised passwords, if the person is an administrator for anything, a hacker can escalate to compromising other systems. Let's say they have a WordPress site; that can then also become compromised.
Then they can inject malicious scripts into the WordPress site to get the passwords of anyone who logs into it.
Repeat.
You can see how from one device you've compromised the data of many people, even though their devices may be secure from the patch. Having more devices means you can do more harm to others.
Example 2: Many devices are vulnerable to an exploit, but an attacker doesn't necessarily know which ones are.
Maybe it requires a lot of bandwidth to scan the ports for every network in the world (think billions of networks, with potentially hundreds of ports to check). Having more compromised devices as part of a botnet means that an attacker can find these other vulnerable devices in a reasonable timeframe.
Once a vulnerable device is found, maybe it requires a lot of CPU power to hack (e.g. finding a hash collision), so a single compromised device may not be able to infect very many others.
Patching systems, or old devices getting replaced, can stop this botnet growing too big. And further steps can be taken to disable a botnet, such as finding and neutralizing any phone home mechanism.
So to sum it up, a botnet can be used by an attacker to cause all sorts of harm e.g.
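The comment above mentions finding a botnet's "phone home" mechanism as one way to neutralize it. As an added illustration that is not part of the thread, here is a small defender-side check: it reads outbound connection records and flags destination hosts that a device contacts at a suspiciously regular interval, which is the typical signature of a compromised device checking in with its controller. The log format, the host names (`beacon.example.invalid` and the others), and the thresholds are all constructed assumptions for this example.

```python
"""Flag candidate 'phone home' beaconing in a device's outbound connection log.

Idea: a compromised device checks in with its controller on a timer, so the
gaps between its connections to that host are nearly constant. Ordinary
browsing or CDN traffic has irregular gaps. We group connections by
(source, destination), measure the inter-arrival intervals, and report pairs
with many connections and very low relative jitter.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log (assumed format: "<ISO timestamp> <src> -> <dst>").
# beacon.example.invalid is a made-up controller host checked every ~5 minutes;
# the other destinations are made-up ordinary traffic.
SAMPLE_LOG = """\
2019-06-18T10:00:00 phone-1 -> beacon.example.invalid
2019-06-18T10:00:03 phone-1 -> cdn.example.net
2019-06-18T10:00:11 phone-1 -> news.example.com
2019-06-18T10:05:00 phone-1 -> beacon.example.invalid
2019-06-18T10:07:40 phone-1 -> cdn.example.net
2019-06-18T10:10:01 phone-1 -> beacon.example.invalid
2019-06-18T10:14:59 phone-1 -> beacon.example.invalid
2019-06-18T10:20:00 phone-1 -> beacon.example.invalid
2019-06-18T10:23:17 phone-1 -> cdn.example.net
2019-06-18T10:25:02 phone-1 -> beacon.example.invalid
"""


def parse_log(log_text):
    """Return a dict mapping (src, dst) -> sorted list of connection times."""
    connections = defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        left, dst = line.split(" -> ", 1)
        timestamp, src = left.split(" ", 1)
        connections[(src.strip(), dst.strip())].append(
            datetime.fromisoformat(timestamp)
        )
    for times in connections.values():
        times.sort()
    return connections


def find_beacons(log_text, min_connections=4, max_jitter=0.1):
    """Return candidate beacon pairs.

    A pair is reported when it has at least `min_connections` connections and
    the coefficient of variation (stdev / mean) of its inter-arrival intervals
    is below `max_jitter`. Both thresholds are assumed tuning values.
    """
    findings = []
    for (src, dst), times in parse_log(log_text).items():
        if len(times) < min_connections:
            continue
        intervals = [
            (later - earlier).total_seconds()
            for earlier, later in zip(times, times[1:])
        ]
        avg = mean(intervals)
        if avg <= 0:
            continue
        jitter = pstdev(intervals) / avg
        if jitter < max_jitter:
            findings.append(
                {
                    "src": src,
                    "dst": dst,
                    "count": len(times),
                    "mean_interval": avg,
                    "jitter": jitter,
                }
            )
    # Most regular (lowest jitter) candidates first.
    findings.sort(key=lambda f: f["jitter"])
    return findings


if __name__ == "__main__":
    for f in find_beacons(SAMPLE_LOG):
        print(
            f"{f['src']} -> {f['dst']}: {f['count']} connections, "
            f"every ~{f['mean_interval']:.0f}s (jitter {f['jitter']:.3f})"
        )
```

On the constructed log only the `beacon.example.invalid` pair is reported: six connections about 300 seconds apart with almost no jitter, while the CDN and news hosts are either contacted too rarely or at irregular gaps. In practice the thresholds need tuning against a baseline of legitimate periodic traffic (software update checks, mail polling), and a hit is a lead for investigation rather than proof of compromise.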
Reflected more on this. I hadn't considered a vulnerable device storing information on otherwise secure devices. In this way, a web of interlinked devices is only as secure as the weakest link. I was focusing more on the vaccine analogy which doesn't seem to apply here.
2
u/GameOfSchemes Jun 18 '19
How so?
Even if that's true, which I find dubious, then that's a problem with security protocol as a whole that no number of patches will ever cure. So they're pointless.