Two things that are often confused are safety and security. Aren't they the same? Well, no. The difference can be quite subtle in some cases, and not so subtle in others. Understanding the difference will help you see each for what it is, and not get a false sense of security.

Being safe means being free from harm via accidents. Being secure means being free from harm via attacks. What's the difference? Engineering a safe building might mean that it won't fall over if 100 extra people get into it, or if an earthquake occurs. Designing a secure building might mean that it won't fall over if someone fires a missile into it. The sandals I just bought have safety features (non-slip soles), but I don't expect them to be secure against someone leaving caltrops out on my balcony.

Most things we encounter in daily life are designed for safety. Even things sold for "security" are sometimes designed more with safety in mind: consider a can of mace. The models I've seen are designed so that it's actually a tad more difficult to fire them, as well as being weakened for "civilian" use. As civilians, we're under much more threat from accidents than from attacks. I'm more worried about some drunk driving a car into me than an assassin waiting to run me down. This is a good thing, because in real life being secure from attacks is quite difficult. Kidnapping, robbing or killing someone is easy in most places. The threat of punishment, backed by effective enforcement, is what acts as a deterrent. In places that lack enforcement, say, where I used to live, such things occur much more frequently, not because they are any easier to do, but because there's no penalty. My dad was kidnapped down there, and almost executed. Our neighbours had something similar happen, but they weren't so lucky :(. However, even there, a bigger worry is a bus like this, this, or this.

In computer systems, however, the equation does not hold up. Users can delete their own documents, or pour coffee on their keyboards. But once you're connected to a network, you can be attacked from around the globe, millions of times per second. People are being blackmailed by a single email. And electronic attacks, unlike physical attacks, are usually harder to prosecute. If you have worked in IT for a while, you probably have a story or two where you could have made quite some money by breaking a law or two (my favourite is the bank that called me for some work: they had one network with all their data on it. This network also had an NT4 machine running Exchange, and was directly connected (just a router) to the Internet). Those attacks would have been much harder in the physical world, where the bank should probably worry more about clearly marked emergency exit lights than about someone driving a car through the wall.

Deciding how safe or how secure a system should be becomes very difficult. A classic example: data backup. On one end, we want our users to quickly recover from any problem. However, each backup copy made introduces yet another item to be secured. Your data would be safe from accidental deletion if you burned a CD with it and mass-mailed it à la AOL, but it wouldn't be very secure. You can secure it by encrypting everything, keeping no unencrypted backups and a single key; but if you lose the key, your data remains secure, yet not safe from loss.

How should a file delete function work? Safety says that the file shouldn't be wiped, just marked as deleted (or, in the Windows Recycle Bin case, just moved to another folder). Security says the area where the file was should be at least zeroed out. Even that is only a best effort: on an SSD, or on a journaling or copy-on-write filesystem, the old blocks can survive an in-place overwrite, which is why full-disk encryption is the more reliable answer.

AntiVirus software (for instance) is almost completely a safety product. It helps stop a user from accidentally running something bad. It does nothing against someone who deliberately crafts an attack against them. It'll detect if a 10-year-old installs NetBus on your machine. It won't do anything if a 16-year-old first plays with the NetBus executable in a hex editor.

"Disabling" VBS and WSH scripts on your computer doesn't really increase your security. It just lowers the safety problem of someone accidentally clicking a script that is known to be harmful. It won't help if someone compiles that script into x86 and puts a .exe extension on it. On most modern PCs, there is no secure way to run arbitrary untrusted code (although managed code and virtual machines should alleviate this eventually).

People who place trust in these fake security measures are being deceived by safety measures. The deception works because there are few real-world counterparts to compare them against. While this is good for the makers of such software, it can be devastating if it's not taken for what it actually is. For instance: if your computer is infected with some virus/trojan/whatever, cleaning it with AV software is *not* secure. The only secure action at that point is to reinstall, or at least verify against a trusted copy, the entire OS and configuration. For all you know, the trojan could have modified the Windows kernel, the AV itself, and everything else.

Fortunately, many times safety software won't actually hurt your security. Just running AV in a proactive mode doesn't make you less secure. It's the improper use of, and faith in, this software that's dangerous. So, as always, getting a secure system can be really difficult. This is just one more potential pitfall to watch out for.
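The two delete policies from the backup/delete discussion above, side by side, as an added example that is not code from the original post. `safe_delete` moves the file into a recycle directory so a mistake can be undone; `secure_delete` overwrites the bytes with zeros and fsyncs before unlinking, so the content is not left behind. The `.recycle` directory name and the sample file contents are constructed for the demo.

```python
"""Added example, not code from the original post: a "safety" delete that
keeps the data recoverable, and a "security" delete that scrubs it first.
Directory names and file contents are constructed for the demo."""
import os
import shutil
import tempfile
from pathlib import Path

CHUNK = 1 << 16


def safe_delete(path: Path, recycle_dir: Path) -> Path:
    """Safety policy: never destroy data, just move it to a recycle folder."""
    recycle_dir.mkdir(parents=True, exist_ok=True)
    target = recycle_dir / path.name
    n = 1
    while target.exists():            # don't clobber an earlier recycled copy
        target = recycle_dir / f"{path.stem}.{n}{path.suffix}"
        n += 1
    shutil.move(str(path), str(target))
    return target


def zero_fill(path: Path) -> int:
    """Overwrite every byte of the file in place with zeros; returns bytes written.

    Best effort only: an SSD's wear levelling, a journal, or a copy-on-write
    filesystem may keep the old blocks, so this is no substitute for
    full-disk encryption.
    """
    size = path.stat().st_size
    with open(path, "r+b") as f:
        remaining = size
        while remaining > 0:
            n = min(remaining, CHUNK)
            f.write(b"\x00" * n)
            remaining -= n
        f.flush()
        os.fsync(f.fileno())          # push the zeros to the device, not just the cache
    return size


def secure_delete(path: Path) -> int:
    """Security policy: scrub the content, then remove the name."""
    written = zero_fill(path)
    os.unlink(path)
    return written


def demo() -> dict:
    """Run both policies on constructed files and report what is left."""
    secret = b"account=12345;pin=0000\n"      # constructed sample content
    with tempfile.TemporaryDirectory() as d:
        base = Path(d)
        notes, draft, secrets = base / "notes.txt", base / "draft.txt", base / "secrets.txt"
        for p in (notes, draft, secrets):
            p.write_bytes(secret)

        recycled = safe_delete(notes, base / ".recycle")

        # Look at the scrub step on its own before the unlink hides it.
        zero_fill(draft)
        zeroed = draft.read_bytes() == b"\x00" * len(secret)

        scrubbed = secure_delete(secrets)

        return {
            "safe_gone": not notes.exists(),
            "recoverable": recycled.read_bytes() == secret,   # safety: data still there
            "zeroed": zeroed,                                  # security: content gone
            "bytes_scrubbed": scrubbed,
            "secure_gone": not secrets.exists(),
        }


if __name__ == "__main__":
    print(demo())
```

The recycled copy is exactly the problem the post describes: it is one more copy of the data that now has to be secured. The zero-filled file is gone from the filesystem's point of view, but only as far as the storage underneath honours an in-place overwrite.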
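The hex-editor point about AntiVirus above, as an added example that is not code from the original post: a toy signature scanner with a whole-file hash and a byte-pattern signature, a one-byte edit that defeats both, and a check that what the sample "does" has not changed. The sample format, the banner text, the signatures and all function names are constructed for the demo; no real malware or AV product is involved.

```python
"""Added example, not code from the original post: why signature-based AV
is a safety net and not a security control. Everything here (the fake
executable format, the signatures, the names) is constructed for the demo."""
import hashlib
from typing import List, Optional

# Constructed stand-in for a "known bad" executable. Only the "bind=" line
# matters for what it does; the banner is just a string the vendor keyed on.
KNOWN_BAD = (
    b"MZ\x90\x00"                      # fake header
    b"banner=RemoteAdminTool v1.0\n"   # what the signature was written against
    b"bind=12345\n"                    # the behaviour we actually care about
)

# Two common signature styles: a whole-file hash and a fixed byte pattern.
SIGNATURES = {
    "hash": hashlib.sha256(KNOWN_BAD).hexdigest(),
    "pattern": b"banner=RemoteAdminTool",
}


def scan(sample: bytes) -> List[str]:
    """Return the names of the signatures that fire on this sample."""
    hits = []
    if hashlib.sha256(sample).hexdigest() == SIGNATURES["hash"]:
        hits.append("hash")
    if SIGNATURES["pattern"] in sample:
        hits.append("pattern")
    return hits


def behaviour(sample: bytes) -> Optional[int]:
    """What the fake 'program' does: the port it would listen on, if any."""
    for line in sample.split(b"\n"):
        if line.startswith(b"bind="):
            return int(line[5:])
    return None


def hex_edit(sample: bytes, offset: int, value: int) -> bytes:
    """The 16-year-old's tool: change one byte at the given offset."""
    edited = bytearray(sample)
    edited[offset] = value
    return bytes(edited)


def evade():
    """Flip one byte inside the banner, then re-scan and re-run the sample."""
    off = KNOWN_BAD.index(b"RemoteAdminTool")
    patched = hex_edit(KNOWN_BAD, off, ord("r"))   # 'R' -> 'r' in the banner only
    return patched, scan(patched), behaviour(patched)


if __name__ == "__main__":
    print("original:", scan(KNOWN_BAD), behaviour(KNOWN_BAD))
    patched, hits, port = evade()
    print("patched: ", hits, port)
```

Both signatures fire on the unmodified sample and neither fires after the edit, while `behaviour` still reports the same port: the scanner catches the accident (running the well-known file) and misses the attack (the same file, deliberately altered).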