Firewall Wizards mailing list archives

RE: Security dumming down - the king's clothes


From: "Bill Royds" <broyds () rogers com>
Date: Sat, 13 Dec 2003 23:39:03 -0500

I work for the Canadian federal government and my department uses Windows
for a simple reason: sunk cost.
We have (like so many other places) sunk so much investment into Windows,
that changing to another OS requires far too much initial cost compared to
more of the same. The largest part of the sunk cost has little to do with
the software or hardware it sits on at all. It is in the training and
investment of the departmental employees in the MS paradigm of computing.
The Help Desk knows about MS software and hardware setup. Their data is in
MS formats, they are comfortable with all the MS quirks. To change to
another OS would require much more in conversion costs (as seen by
management) than all the daily extra costs that MS causes (which includes
security costs). 
        MSBlaster/Welchia started to have an impact on this a bit. We are behind a
good application proxy firewall which did block MSBlaster for a couple of
days while the operations centre staff tried to update all the MS 2000 boxes
with the patches. But somebody plugging a laptop into an RJ45 on a remote LAN
infected the WAN and they had a full blown worm inside. I don't work in
security because I was too much of a Cassandra for operations while doing
so. To an IT operations group, security is only one of the factors that they
have to balance. It is not the major factor until it impacts the others. 
  That is basically what Microsoft itself has found. Lack of security is now
costing them sales. So security really is a focus now at Microsoft. But the
admission by Ballmer last month that Windows is inherently insecure (or why
would he suggest "perimeter protection"?) indicates that they will be trying
more to circle the wagons than build a fortress. The Microsoft paradigm of
computing is close to that of Sun (remember "The network is the computer").
It assumes that workstations and servers inhabit a protected network and
there are no hostile activities on that network. Changing that to the
reality of the Internet breaks too many things inside their OS. So they need
another way to achieve security. If a server shares files, it can be
attacked through that sharing. That is an essential fact of network
security. Microsoft operating systems are built on file sharing rather than
other methods of file exchange, so they are intrinsically insecure.

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of R. DuFresne
Sent: December 13, 2003 10:24 PM
To: Marcus J. Ranum
Cc: Roger Marquis; firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] Security dumming down - the king's clothes

On Fri, 12 Dec 2003, Marcus J. Ranum wrote:


        [SNIP]

A lot of folks recognize that the emperor has no clothes. The
question is: why? Microsoft's stuff is certainly PART of the problem
but another big piece of the problem is that people insist on buying
it and don't manage it right. There's enough blame to go around
and just assuming a conspiracy is too simplistic. 

***
The truth is a more
complex combination of clueless customers, cruddy code, incompetent
federal IT workers, consultants out for a buck, marketing idiots, and
a dash of denial.
***


Which still perhaps boils down to a depth of pockets as well as breadth of
market penetration arguments doesn't it?  Those 'incompetent federal IT
workers' recognise Windows as a 'standard', and the 'marketing idiots' and
'consultants out for a buck' make their bread off the recognised
'standard'...<smile> A twisted circle forming an infinite economic race
track?


Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
