What are the two inherent characteristic of computers that make security so difficult?

Update, 14 July 2011.

There are many aspects or components of 'computer security' that attempting to identify just two characteristics is impossible.

Computer security first has three divisions:

  • Physical security -- it might it be damaged, stolen, etc. or incur damage by way of the power supply.
  • Systems security -- protection of the system and installed software - ensuring that programs are not tampered with and their function changed. Viruses are a big risk here.
  • Information security -- protection of the Information stored. This is sub-divided by
    • 'Confidentiality' - can unauthorized people see it and
    • 'Availability' - is it still there and accessible to authorized people when needed,
    • 'Integrity' - is it still as correct as last time it was used,
    • 'Transportability' - can it be safely and accurately transported aka network security.

In practice, the two biggest problems with securing computers today are:

  • Computers are physically accessed by the humans. For example, you can 'touch' the computer and can thus place it at risk yourself with an arching spark of electricity. You can spill your liquid into it, or copy private data off to your own memory stick which you can them lose on a bus.
  • The most popular operating systems -- whether Windows or Unix based -- are inherently insecure and lack the logic to provide a good basis for protecting software and data. Both were designed when security/ integrity were not important considerations. Integrity can not be 'bolted on' as an afterthought: it must be part of the philosophical design of the operating system. A system without integrity at its core can not be secure.