[wellylug] Opensouce "infectious" and should be "Quarantined"- NZ Government..

[Timothy Goddard]

Geraint M. Jones wrote:

>It is much more forward thinking to block it at the network boundaries -
>at least that's what we do
>
>  
>
Yes, my point was that disabling it is always possible and simple.

>
>there are two types of security systems - those that work and those that
>do not. If the system is ineffective against any threat then you may as
>well not have it.
>  
>
No, working and not working are almost never black and white states. It
is an unfortunate tendency of the human mind to think this way.

No system can achieve perfect security, as any good administrator knows.
You may then say that no system fully works. However even the simplest
form of security, such as the lock on a filing cabinet (which can be
broken just by pulling hard enough), provides some measure of
protection, so a security system is never completely useless (ignoring
implementation costs). All systems lie somewhere in the grey.

The aim is to have security good enough to minimise the total costs,
including the cost of implementing security and the loss caused by a
failure in security. Often security is cheap enough to warrant quite
heavy measures, but sometimes the cost is an issue. Where security is an
impediment to normal operation of the system, you may be better off with
a less secure but cheaper system. Note that costs are not always (or
even usually) measurably in monetary terms.