Internet pioneer Paul Vixie: Build roads, not walls

Security researchers should focus on changing the rules, not fighting to stay even

'Are you an optimist?' was the question put to Paul Vixie last week at Kaspersky's security analyst summit in Singapore, when he took to the stage to receive the security company's 'MVP' award.

"No sir," the internet pioneer replied with his signature deadpan delivery.

Vixie is best known for having designed and deployed numerous Domain Name System (DNS) protocol extensions and applications, including dynamic update, network reputation and BIND open-source software.

He also founded the first anti-spam company, MAPS (Mail Abuse Prevention System), a California non-profit with the goal of stopping email abuse. The 'Real-time Blackhole List' (RBL) – which helps inboxes reject spam sent from shady addresses – developed there was the first distributed reputation system of its kind.

In a short on-stage interview, Vixie – who was inducted to the Internet Hall of Fame in 2014 – was philosophical about those achievements.

"It didn't work. We're getting as much spam today as you would have gotten if I hadn't have done any of those things," he said.

"So that taught me a lesson which is; you're probably not going to get very far building walls. It's better to build roads," Vixie added.

Vixie argued that while the security industry community's "heart is in the right place", driven by a "want to leave the world safer than it was when they first got it", the surrounding industry had serious flaws.

"The industry we're building around that has got some real structural defects that keeps the security research community from being able to work on the right problems, to choose the right problems, and make changes that would actually make a difference in our lifetimes. Instead of fighting to stay even as we do today," Vixie, since 2013 CEO of Farsight Security, said.

One of the main "structural defects" is the disparity in understanding between equipment owners and operators, and those that want to attack them, Vixie explained.

"If the person that wants to get into your system and take your stuff knows your systems better than you do, you're probably going to lose," he said. "That's asymmetric warfare and I'm trying to close that gap."

The problem was ultimately one of simple economics, he added.

"We have to drive up the cost for attackers and drive down the cost for defenders...Everything we work on should be toward one or other of those ends," Vixie said.

Researchers needed to "look at the problem from that high a level," he said.

"Being smart is not enough, being right is not enough, you really have to use your time in the sun, use your perspective, to figure out what it is you can do. That is: just going to be groundhog day, versus what you can do which could change the rules," Vixie said.

The author travelled to the Security Analyst Summit as a guest of Kaspersky.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags infosecemailspamDNSkasperskySingaporeMapsdomain name systemNetseccyberPaul VixieSecurity Analyst Summit

More about KasperskyMail Abuse Prevention SystemMVP

Show Comments