Firewall Wizards mailing list archives
RE: Security dumming down - the king's clothes
From: "Bill Royds" <broyds () rogers com>
Date: Sat, 13 Dec 2003 23:39:03 -0500
I work for the Canadian federal government and my department uses Windows for a simple reason, sunk cost. We have (like so many other places) sunk so much investment into Windows, that changing to another OS requires far too much initial cost compared to more of the same. The largest part of the sunk cost has little to do with the software or hardware it sits on at all. It is in the training and investment of the departmental employees in the MS paradigm of computing. The Help Desk knows about MS software and hardware setup. Their data is in MS formats, they are comfortable with all the MS quirks. To change to another OS would require much more in conversion costs (as seen by management) than all the daily extra costs that MS causes (which includes security costs).

MSBlaster/Welchia started to impact on this a bit. We are behind a good application proxy firewall which did block MSBlaster for a couple of days while the operations centre staff tried to update all the MS 2000 boxes with the patches. But somebody plugging a laptop into an RJ45 on a remote LAN infected the WAN and they had a full blown worm inside.

I don't work in security because I was too much of a Cassandra for operations while doing so. To an IT operations group, security is only one of the factors that they have to balance. It is not the major factor until it impacts the others. That is basically what Microsoft itself has found. Lack of security is now costing them sales. So security really is a focus now at Microsoft. But the admission by Ballmer last month that Windows is inherently insecure (or why would he suggest "perimeter protection") indicates that they will be trying more to circle the wagons than build a fortress.

The Microsoft paradigm of computing is close to that of Sun (remember "The network is the computer"). It assumes that workstations and servers inhabit a protected network and there are no hostile activities on that network. Changing that to the reality of the Internet breaks too many things inside their OS. So they need another way to achieve security. If a server shares files, it can be attacked through that sharing. That is an essential fact of network security. Microsoft operating systems are built on file sharing rather than other methods of file exchange so are intrinsically insecure.

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of R. DuFresne
Sent: December 13, 2003 10:24 PM
To: Marcus J. Ranum
Cc: Roger Marquis; firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] Security dumming down - the king's clothes

On Fri, 12 Dec 2003, Marcus J. Ranum wrote:

[SNIP]
A lot of folks recognize that the emperor has no clothes. The question is: why? Microsoft's stuff is certainly PART of the problem but another big piece of the problem is that people insist on buying it and don't manage it right. There's enough blame to go around and just assuming a conspiracy is too simplistic.
***
The truth is a more complex combination of clueless customers, cruddy code, incompetent federal IT workers, consultants out for a buck, marketing idiots, and a dash of denial.
***

Which still perhaps boils down to a depth of pockets as well as breadth of market penetration arguments, doesn't it? Those 'incompetent federal IT workers' recognise Windows as a 'standard', and the 'marketing idiots' and 'consultants out for a buck' make their bread off the recognised 'standard'...<smile> A twisted circle forming an infinite economic race track?

Thanks,

Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation."
-- Johnny Hart

testing, only testing, and damn good at it too!

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards