IP: Re: Outlook 2000 -- we aren't told and cannot peek

[David Farber <dave () farber net>]

> Date: Wed, 31 Oct 2001 09:45:48 -0500
> To: farber () cis upenn edu
> From: Gene Spafford <spaf () cerias purdue edu>
> Subject: Re: IP: Outlook 2000 -- we aren't told and cannot peek
>
> Simple answer -- don't use Outlook.
>
> <Step up on soapbox>
>
> We all have choices.   Some involve paying a little more money, and others 
> involve investing time in learning something new to take the place of what 
> we were using.
>
> If security is a concern, or quality is an issue, then try using something 
> else.   Use market forces to effect a change -- reward those vendors who 
> do things you want, and penalize those vendors who don't seem to "get it."
>
> Let me give you an example.
> I run Eudora on an Apple Macintosh under MacOS 9.2.   I've used Macs for 
> 15 years, and I have NEVER had a computer virus on my machines (that I 
> didn't download for study knowing what it was).   Not one of the 
> approximately 50,000 viruses that have been reported for DOS/Windows in 
> the last decade spreads on a Mac (for comparison, there are only about 50 
> native for the Mac in the same time period, and they are almost all 
> extinct).   By not using Word, I also don't get bothered by any of the 
> macro viruses there.   Eudora on the Mac (at least; on the Windows 
> version, too, I think) has settings to allow me to decide whether to run 
> attachments, and to see plain MIME code as characters, so I can see the 
> cruft stuffed into infected spam email for unsuspecting Outlook users.  I 
> don't have to devote 40% of my machine's CPU time to running anti-virus 
> software, either.
>
> I have also never had a break-in to any of my  Macs.   Under MacOS 9x, it 
> doesn't run any services that would enable a break-in. Simple.
>
> As to people who complain about software not being available, a lot of 
> software that is on Windows but isn't available on the Mac is either games 
> or garbage.   In all my time using the Mac, I've written 3 books, nearly 
> 50 research papers, and handle daily email correspondence loads of over 
> 250 messages.   I program in Perl, I write and maintain WWW pages, and I 
> am able to open X windows to my Unix machines.  My assistant and I share a 
> calendar and address book with no problems.   All the software I need is 
> available.   That there are 10,000 other things I can't run doesn't matter 
> -- there are 10,000 books in other languages I can't read either, but I'm 
> doing just fine as is, thank you.
>
> I am not anti-Microsoft.  As Mike O'Dell indicated, they have done some 
> important things in computing and in bringing computing to the 
> masses.   Microsoft has done a lot of good work, and has helped shape the 
> industry.  (As an academic, I'd be lost without Powerpoint, and I 
> definitely use Excel on occasion.  Both run on the Mac, btw.) However, I 
> am very much troubled by Microsoft's long history of poor code quality and 
> security.    There are places where a Windows environment is 
> appropriate.   But I wouldn't have it my first choice for any safety or 
> security critical application. So, I make a conscious decision to use 
> something else in those situations where security is important to me -- 
> such as my personal desktop.
>
> There are other decisions you can make, if you are interested in issues of 
> security and quality.  For instance, it was noted here that Gartner has 
> said people ought to stop using IIS.   One of my staff went through the 
> ICAT database maintained by NIST and found over 80 security patches 
> released for IIS in the last 3 years.   He found only 1 for Apache.  Which 
> one are you using and why?
>
> And there are yet more alternatives for systems and software for general 
> use, and reasons they should be considered.  This includes various 
> versions of free software (note that  Linux is not necessarily more secure 
> than Windows -- I think the *BSD systems are much better quality and more 
> stable, OpenBSD in particular) and commercial systems such as Solaris and 
> HP/UX (which have a much better recent history of security and stability 
> IF you have an administrator who knows what he/she is doing).
>
> The best solution is not always to buy the cheapest piece of commodity 
> hardware and install the same old software everyone else is using.   If 
> security is important, one shouldn't base decisions solely on the up-front 
> acquisition and training costs.   Applying patches every few days, using 
> up a large fraction of your CPU running anti-virus software, and cleaning 
> up after malware and break-ins has cost too.  I'm also told that help desk 
> costs are lower for Mac shops than Windows, and over time that more than 
> makes up the initial purchase difference.
>
> Recent events have shown us that we shouldn't take security for 
> granted.   Being informed, wise consumers willing to spend a little bit 
> more for quality is an important part of the process.
>
> </Step down from soapbox>
>
> The security curmudgeon,
> --spaf


For archives see:
http://www.interesting-people.org/archives/interesting-people/