Net Effects: Guns, Vaccines, Comp Sec
This letter describes an analogy between three different
domains: home protection vs. burglers; vaccines vs.
pathogens; and computer security tools vs. malicious crackers.
The similarity between these domains is not only
the the Network ("Fax") Effect, (where utility increases with saturation),
but *passive members of the population also gain*.
If a neighborhood has a high proportion of well-protected homes, burglars
will avoid it since it contains many high-resistance potential targets.
Less well armed neighborhoods are more attractive. Homes that eschew
firearms gain security by virtue of their better
prepared neighbors' risk.
If a population has many innoculated members, an infectious
pathogen has a hard time percolating through the community.
The level of non-innoculated 'porosity' of the population
which can be tolerated depends on the branching factor: how
many others a random individual contacts while infectious.
Insufficiently innoculated populations can go extinct.
But minority groups, e.g. religious un-innoculated, are
protected by the impermeability of the majority population,
who got innoculated at their own risk.
If you'll never see disease X because those you deal with
are innoculated against it, you don't need innoculation.
Finally, if one population of machines is "hardened" then
malicious crackers will find study of attacks against those boxes
less desirable, as they are on average less 'permeable'.
They will prefer low hanging fruit. But lame sysadmins
benefit from the actions of the more vigilant.
NB: Researcher David Hogg has more rigorous, and inspiring, treatments of
permeability & phase changes.
