Microsoft And Security For The Next Millennium

As this decade of destructive email viruses, email virus hoaxes, and major network security breaches winds down, it's perhaps fitting to consider the state of security in our industry as we begin the true new millennium in January. This topic is especially timely because of the recent break-in at Microsoft where hackers may have--over a mind-boggling period of three months--stolen or altered the source code of key Microsoft applications, and perhaps even Windows itself. Don't believe the official denials from the company brass: even if nothing was stolen, this hack was the result of a serious, worrisome security lapse and should serve as a wake-up call for Microsoft, and any enterprise.

What makes the Redmond robbery even more distressing is the fact that Microsoft's lax attitude about security was responsible for the decade's other super-destructive hack: 1999's Melissa virus, which caused what many experts estimate at billions of dollars in damage, both in terms of data loss and productivity. Who was responsible for Melissa? I propose that it was not a misguided hacker obsessed with a stripper, but a company in Redmond that designs applications without the slightest regard for security and data integrity. Outlook is one of the worst-designed, most-needlessly complex, poorest-performing pieces of software I have ever used, and it opened the door for Melissa.

But that virus--and the subsequent LoveLetter variant--was a low-level prank compared to the sophistication of the Microsoft hack which, while it probably began with the opening of an attachment, stole passwords and data over a long period, all the while avoiding detection.

Which brings us to possible solutions. Obviously, anti-virus tools are one way to protect against hackers trying to gain entrance via an attachment. Firewalls and port protectors like the popular ZoneAlarm also work well. But these defenses break down because of human error: someone forgets to update a DAT file, or scanning software is disabled and then not re-enabled. Or the virus arrives disguised as a "trusted" file. In any case, no anti-virus software is perfect, firewalls can be breached, and humans are not infallible.

But as the maker of the world's most widely used software, Microsoft, it seems to me, owes users a vastly more secure working environment, both in operating systems and in applications. Just as tire and car companies can be sued if their products cause injury, I say let software makers defend themselves, in court, if their poorly designed code causes financial harm. I am not a litigious person, but the fact is that very often class action lawsuits are the only way to get companies to alter their business practices: hit 'em where it hurts, in the pocketbook.

The 21st century is already the connected century, where information can move around the world in an instant. Connection is valuable, but it can also be dangerous, and the Internet doesn't distinguish between innocuous and malevolent code. If we want to be connected as well as secure, the companies that build the underlying infrastructure are going to have to start accepting responsibility for their mistakes.