Monday, November 29, 2004

Need For More Secure Software

It amazes me how insecure much of our software is today. Chances are that most of us run at least 2-3 different software programs, whose only purpose is to secure against unauthorized access, on our home PCs. If we don't, we end up with a manifestation of popup ads, viruses, registry corruption or other unwanted problems.

All this makes using a computer more complicated and is one instance of the need for simplified technology that is more secure. I mean, I find it unacceptable that I have to run a firewall and have to decide whether I want to allow access to the internet to particular applications as they need it. I should not have to scan my computer for processes and files that have malicious intent of spamming my computer every week. And I don't want to make sure that my virus program is running all the time and is always up to date. All this is done for security! It is time consuming and complicates my user experience!

We have to get to the bottom of this. Is it a problem with the way the network (internet) is structured; I mean would it be possible to redesign the network in a way that would prevent some of these attacks? At the moment it doesn't seem so and in any case it may be too late for that.
Is it a problem with the operating system (Windows); how can an external user be allowed to run things on your machine without your permission, or how can he even be allowed to get to the point where he can trick you to grant him access? I find it astonishing how one of the only Windows machines at my current workplace has managed to infect most of the other Windows desktops/laptops on the network, and when the files responsible for the attack were removed, they still kept coming back!
Or is it a problem with the web browser (Internet Explorer)? I switched to Firefox a few months ago and I have to say it has been a much better experience: I love how it automatically blocks popup ads for me. However, a friend of mine wasn't as lucky. He had an attack on his computer through the IE browser that replaced his desktop with a blank page. Even after he managed to fix it, not before contemplating reinstalling Windows, he still has problems with popup ads appearing with Internet Explorer all the time. Not to mention, he has to scan his computer twice a week to remove the programs responsible for the ads.

When will companies learn to do better testing of their software, to make the user feel secure in using their product and to simplify their life with secure software that just works and doesn't require additional software to make sure that it works?

7 Comments:

At November 29, 2004 at 8:10 PM, Blogger Ilyia Kaushansky said...

Well, the problem of thieves breaking into houses still hasn't been solved 100%.

So.. Don't count on 100% secure applications anytime soon. Having said that, security is taken much more seriously now than it was 5 years ago. Hence, I anticipate a sharp decline in security issues over the next few years.

 
At November 30, 2004 at 12:29 AM, Blogger Alex Pilchin said...

That's a great analogy.

Since we can't change the internet for the moment, security should start at the OS level, and I don't see how MS, who have delayed their Longhorn release and are probably going to have a first priority of releasing their product, are going to improve the security of the OS.

Having said that, there are other OS alternatives (i.e. Linux, OS X, etc.) that have not shown to have similar security issues; although part of the reason for that may be due to a smaller percentage of users using it and therefore this may have deterred attackers from taking interest in those.

Even though security has been taken more seriously recently, these tend to be protecting company data rather than producing very secure software. The priorities of many software companies remain the same; first you must release a new product/version as soon as possible, only then you may seriously consider security.

 
At December 1, 2004 at 9:27 AM, Blogger Diego Matute said...

Why is Microsoft never given the benefit of the doubt... Here are some biased articles:

http://www.intel.com/cd/ids/developer/asmo-na/eng/97003.htm

http://msdn.microsoft.com/Longhorn/understanding/preparing/default.aspx

 
At December 1, 2004 at 9:32 AM, Blogger Diego Matute said...

Security flaws seem to be everywhere...

http://www.enterpriseitplanet.com/security/news/article.php/3435411

This is also a good thread :

http://www.desktopsidebar.com/forums/index.php?showtopic=3040&st=0

 
At December 1, 2004 at 10:23 PM, Blogger Alex Pilchin said...

> Why is Microsoft never given the benefit of the doubt.

Why should it? Based on what track record?
I've given real life examples, there are plenty more I can give ... The second they make a secure OS, I will start giving them the benefit of the doubt. If they are delaying the release of Longhorn because they want to make it more secure, then props to them ... but are they?

Regarding the 'biased' articles; they seem quite interesting and the ideas sound great on paper, I'll be really interested to see them in action. Hopefully they will make the user's life simpler rather than more complicated.

Regarding the Google Desktop Search security issues; that's the reason it is still in Beta.

In any case, my blog entry refers to all companies who rush out products and MS just happens to be at the 2 fronts for security (ie OS and the browser, well actually their IM as well)

 
At December 2, 2004 at 9:22 AM, Blogger Diego Matute said...

Is there such a thing as a useful and secure OS????

I think there is an inherent bias when it comes to answering the question which OS is more secure, Windows or non-Windows. It's a cultural thing. Why would administrators in Enterprise continue to buy Windows products if they weren't secure? Yeah some have switched over and are finding there is a higher total cost of ownership for unix flavour environments.

There is a lot of research done at Microsoft about all of these issues. MS is definitely more disciplined in their approach to release dates and creating software. They have been doing it as a single company for almost 30 years, you don't think they would learn something?

Is software going to be published with bugs, security flaws etc... Yes of course. But it is the timely response to these problems that counts. There is a LOT of research done into this process. For example a lot of the security threats are not an accurate reflection of what happens in the real world.

 
At December 2, 2004 at 9:12 PM, Blogger Alex Pilchin said...

>Is there such a thing as a useful and secure OS????

Are you saying there isn't?
An OS is useful if it makes it easier for you to do your work, collaborate with people, gain access to information, etc through other programs that run on it.
It is secure if it doesn't allow unauthorized access (i.e. someone the user doesn't want to access).

Some OSes are better at one and some are better at the other. But there is no reason why there shouldn't be one that is great at both! It would just require more care about the users than the dollar ... and guess what, this is exactly what is emerging with Open Source.

>Why would administrators in Enterprise continue to
>buy Windows products if they weren't secure?

This is not a statistically valid argument. There are plenty of reasons: 1) Perhaps more supported applications 2) Perhaps easier use/may require a lesser skilled Admin 3) maybe good marketing by Microsoft ... there could be many reasons. I'd say that these are just as likely as the one you gave.

More importantly, you should note that there are a lot of security software (ie firewalls, spam protection/filters, etc) written for Windows; therefore these make it more secure, but notice this does not imply that Windows itself is more secure and as I've mentioned in my original article these software make life more complicated.

>Yeah some have switched over and are finding there is
>a higher total cost of ownership for unix flavour
>environments.

Am ... NO, if you are referring to MS' recent claims that Open Source is more expensive, this is Ballmer's/MS's propaganda, based on false pretenses ... Did you read some of the responses to these claims? I'll post a link here to these once I find it.

>There is a lot of research done at Microsoft about
>all of these issues. ... They have been doing it as a
>single company for almost 30 years, you don't think
>they would learn something?

No doubt about it, they have done research and learned a lot about their customers ... they know exactly how much effort it would take to keep their customers and what it would require to keep their products relevant.

So tell me this; if MS came out with a very 'useful' and 'secure' OS that supported everything we needed today, would anyone go for a future upgrade or a newer OS (unless it was dramatically more 'useful')? ... I think it's in their interest not to release such a product and I'm sure they've learned that through the years of their research and experience.


>a lot of the security threats are not an accurate
>reflection of what happens in the real world.

I'm totally in agreement with you on this one.

 
