Online Security & Trust; A Safer Way To Shop With Confidence.
Recent Posts
Being safe when it comes to your children.
Are we looking for love in all the wrong places?
What is the purpous of a computer virus?
You might have been compromised and not even know it!
The Lifelock Scam And Why You Should Avoid Their Hard Sell
Computer running slow these days?, Do something nice for it by adding more RAM.
Where do we draw the line to the 1st amendment.
An " Apple" a day keeps the virus away!.
Facebook is the new frontier for fraud
Play it safe when gambling online.
A ounce of prevention is worth a pound of cure.
Be smart when giving donations.
10 tips to make you a safer shopper online.
credit card safety online and you
This is one wall you want to keep up.
Internet safety and your children
Online gaming safety and your children.
The Internet Today; Has it become a curse or a blessing?.
Peek A Boo I See You; Webcam Hacking, A new form of voyeurism
A Clean Computer is a happy Computer.
Most Read
Dont be fooled into this one!
Downloaded New Antivirus Software After Major Meltdown
Ever wonder what a credit card thief is thinking?.
Look out for hidden pitfalls with online gaming.
Mattysgiftshop.com Special Of The day
Topics
identity theft(54)
protection(46)
Scams(43)
Fraud(42)
internet security(39)
hackers(38)
antivirus software(30)
security(30)
virus(27)
credit(24)
Credit Cards(24)
drivers license(24)
onlineshopping(23)
spam(21)
online security(20)
scam(18)
virus free(18)
viruses(18)
creditcard(16)
theft(16)
firewalls(13)
piracy(13)
Gaming(11)
firewall software(10)
internet saftey(8)
virus protection(7)
antivirus download(6)
home based business(5)
software(5)
firewall antivirus(3)
preventive maintenance(3)
credit card(2)
Phishing(2)
Wi-Fi Hacking(2)
antivirus(1)
Archives
2011
April
March
February
January
2010
December
November
October
September
August
July
June
May
April
March
February
January
2009
December
November
October
September
August
July
June

Security blame games
6/29/2009 9:16:10 PM
September 05, 2003

Security blame games

Worm epidemics inspire more scorn for Microsoft

By Jon Udell | InfoWorld

With the Sobig.F worm on the wane and its successor presumed to be waiting in the wings, fingers are pointing angrily at Redmond.

"People sometimes ask me why I loathe and detest Microsoft with such a visceral passion," wrote packet-radio pioneer and security expert Phil Karn on his Web site. "A major reason is the never-ending stream of viruses and worms infesting [Microsoft's] abysmally insecure software."

For users of Linux and Mac OS X, the recent outbreak was a bittersweet validation. These systems were immune to the worm but -- because we are all e-mail users -- not to its effects.

Open source software partisans never seem to follow their argument to its logical conclusion, however. If more people used Linux and/or Mac OS X, more attackers would exploit the vulnerabilities of these systems. Hardly anybody argues that those systems are invulnerable to attack. What most serious advocates claim, rather, is that the open source process includes a more thorough review of code, resulting in more effective means for discovering and repairing flaws. That's a credible claim, especially when you compare today's open source methodology to what Microsoft, by its own admission, has been doing until recently. But times change.

Critics used to delight in saying that Microsoft would never "get" the Internet. Now that Microsoft is a leading contributor to Internet standards, you don't hear that complaint so much. In fact, the Microsoft that didn't "get" security has largely been reinvented. The effects of Microsoft’s heightened awareness and newfound commitment to rigorous code review, however, won't be felt for a long time, especially because Windows 9x isn't going away anytime soon. According to Microsoft Senior Developer Chris Brumme, who was diverted from stress-testing the CLR (Common Language Run time) to reviewing the DCOM (Distributed Component Object Model) stack in the wake of MSBlast, "Some of those source files contain comments from the ’80s."

You can't turn Windows’ installed base on a dime, but you can turn it eventually. In four or five years, the true nature of the struggle between the methodologies of Microsoft and the open source community may finally begin to emerge. My hunch is that both strategies will produce reliable and secure software, and that competition between them will benefit everyone. Neither strategy will deliver perfect security, of course, because no such thing exists. We'll always be assessing risks and making trade-offs.

In his new book, Beyond Fear, Bruce Schneier -- one of the world's leading authorities on security trade-offs -- completes the metamorphosis from cryptographer to pragmatist that began with Secrets and Lies, published in 2000. The new book dissects a range of security solutions in terms of the agendas of the players (attackers and defenders) and touches -- too briefly -- on ways of modifying those agendas. I particularly like the idea that insurance, the standard tool used in business to control risk and convert variable costs to fixed costs, can help make developers accountable for insecure software. Product-liability laws aren't likely to change anytime soon. But if actuaries measured the risk associated with use of competing software products and priced insurance policies accordingly, maybe we could close the feedback loop in a positive way.

The mess we're in is largely Microsoft's fault, to be sure, but any dominant software player would have created a similar mess. Ideology, of any flavor, won't help. We need rational ways to quantify risk and to value its mitigation.
AddThis Social Bookmark Button
Topics:  
virus,
Posted by  Matthew Luker
View Comments


WOW HER THIS VALENTINES! Send Flowers & Gifts starting at $29.99 from 1-800-FLOWERS.COM - 468x60 http://www.mattysgiftshop.securesitepages.com/
Comments
Links
Home
Get Blog Widget
create your fan page
Blog Roll
Favorite Links
att yellow pages
RSS Feeds
RSS Feed
Atom Feed
Free Blogs