
Problems in Computer Security

by Brent Kirkpatrick

(Date Published: .)

Formal definitions of problems in computer security are rare.

Practical problems are in abundance in computer security, while formal definitions are still catching up. The two most challenging problems in computer security are

  • clean-up, and
  • digital forensics.

Since detection is intricately tied up in both of these, it is not listed separately. First we will give English-language definitions of these three, discuss how they are related, and then explain why clean-up is the hardest problem.

Our definitions will be ad hoc, rather than formal. Detection is the process of identifying unauthorized activity at run-time, at compile-time, or in data. Clean-up is the act of removing all unauthorized machine code and preventing re-infection. Digital forensics finds (obvious) traces of foreign machine code on the disk or in memory.

Digital forensics pretends that there is no hacking unless there is conclusive evidence that includes a list of steps for reproducing the infection. This means that digital forensics is conservative. Detection, on the other hand, is much more liberal. The goal of detection is to predict whether a computer has been hacked, even if there are false positives. Clean-up can be done regardless of detection or digital forensics, so detection is sufficient, but not necessary, to trigger clean-up. Clean-up is not finished until the hackers are contained and re-infection is prevented.

Clean-up is the most time-intensive step of these three. If the hackers have implemented many automated attacks, clean-up must proceed until all the automated attacks are detected and mitigated. Clean-up usually involves taking steps to block attacks and then patching, quarantining, or restoring BIOSes and operating systems from images and clean installs. While detection is a process that is allowed to have false positives and false negatives, clean-up is not allowed false negatives.

Intrepid Net Computing uses scientific approaches for clean-up.


© 2015, 2016, 2017, 2018 Intrepid Net Computing. All rights reserved.