The effectiveness of “security through obscurity”

I don’t believe that security through obscurity is ideal or ultimately effective. I don’t believe it’s a generally good security approach. Nevertheless, it is not often the same as no security at all. Security through obscurity can have its place.

A few years ago, when it was brought to light that the newest (at the time) Ubuntu version stored the administrative password in plain text, that incident was a huge embarrassment to Ubuntu developers, and they fixed the security hole within hours of it having been brought to their attention. Nevertheless, it had been in place for months prior to being brought to the developers’ attention. Were any Ubuntu installations compromised because of this bug? Probably not.

Likewise, most people don’t know that physical access to a computer means (except in rare cases) total administrative access. If you encrypt your drive, you can prevent unauthorized access to your files. If you put a password on the BIOS and disable booting from CD, you can slow down or make more inconvenient the unauthorized access. Maybe that’ll stop people from compromising your computer if you’re away from it for only a few minutes.

Many users are naive to just what prolonged physical access means, though, in terms of security, and that’s dangerous, because then security through obscurity works against you. I used to believe (before I started using Linux) that having my laptop prompt me for a password upon waking the computer would mean that if my laptop were ever stolen, no one could get my files. Before I booted a Knoppix CD on his laptop, my dad used to think a fingerprint scanner would prevent people from seeing his files. In these cases, the “security” is obscured for the user and not the thief.

If a thief makes her living by taking the data off your computer (probably for the purposes of identity theft) and not solely by selling the hardware, she probably knows exactly how to access your data, whether it be resetting the BIOS password, booting from a live CD, or even moving the hard drive to another computer.

There have been quite a few debates about whether recovery mode in Ubuntu should exist or perhaps be hidden by default. In Windows, if you need emergency administrative access, you need to boot a CD. In Mac OS X, you have to know the relatively obscure hold-down-Cmd-S-while-booting procedue to get into recovery mode. In Ubuntu, though, it’s right there in the boot menu. Just press the down arrow once and you’re in recovery mode, which means you have root (or total administrative) access to the computer.

On the one hand, obscuring recovery mode might give people a false sense of security (thinking it’s difficult to gain root access). On the other hand, having it in the boot menu kind of advertises it, and you might have a curious sibling or roommate who selects it and starts getting playful on the command-line, and she might not have done so if it weren’t in her face the way it is.

Outside of the computer world, it’s a bit like keeping the key to your house underneath the welcome mat. Doing so is definitely bad security. On the other hand, most people won’t know exactly where you keep your key or if you keep it under the welcome mat at all. If you post up a big sign next to your door saying “Hey, the key is underneath this welcome mat!” you’ll be sure to have your home broken into.

When it comes to computer security, definitely encryption and restriction of physical access should be publicized more as real security options, but I do believe there are tradeoffs to embracing and eschewing security through obscurity. Just make sure you are obscuring access for others and not for yourself.

5 comments

  1. The way I see it, hiding recovery mode would be a terrible idea, because obscuring actual, useful tools will contibute to a person’s headache when they have data loss. Making somebody totally unfamiliar with the command line edit the grub line and append ‘single’ just seems like something which, given a large enough sample size, will lead to some failures.

    Security through obscurity can be used in combination with “real” security in reducing the headaches of a sysadmin or desktop user, but it’s nothing I’d want to sacrifice serious functionality for.

  2. > In Windows, if you need emergency administrative access, you need to boot a CD

    I haven’t used Windows for a while, but IIRC, with XP, this was only the case with the Professional and Server editions. The Home edition was configured such that Safe Mode (F8 during bootup) gave you admin access, in order to allow Grandma’s forgotton login password to be fixed with a minimum of fuss. I don’t know whether this has changed in Vista, though.

Leave a comment

Your email address will not be published. Required fields are marked *