Security conflicts

Bruce Schneier, founder and CTO of Counterpane Internet Security, tackled the economics of information security in his LinuxWorld keynote.

The rise of the Internet has taken us to the point where some companies would go bankrupt if the Internet disappeared, Schneier said. For individuals, the reach of the Web means we no longer control most of our personal information, he said.

Schneier also described a fundamental conflict between personal and corporate security.

Most security we think of protects individuals from bad things in the outside world -- hackers, criminals, malicious Web sites, worms and viruses. But more and more, security is being built to protect someone else from the end user, who is viewed as a potential attacker.

"You can't do both," Schneier said. "Either I can design security to protect you or to protect from you. They are very much in opposition those two things. Which is why the Sony DRM rootkit, because it is protecting from you, made you more vulnerable, and your security software, which protects you, annoys the DRM systems and makes them less effective. You can't do both."