Politech mailing list archives

FC: Microsoft security fix: Regulation vs. simpler solutions


From: Declan McCullagh <declan () well com>
Date: Wed, 12 Feb 2003 11:46:34 -0500

Previous messages:
http://www.politechbot.com/p-04405.html
http://www.politechbot.com/p-04404.html

---

From: <mimim () bellatlantic net>
Reply-To: mimi () americamail com
To: <declan () well com>
CC: <aamolsch () shentel net>
Subject: Regulation vs. simpler solutions
Date: Tue, 11 Feb 2003 22:35:33 -0500

Hurrah for you, Declan!

Let's assume the best of Mr. Clarke. Assume he is not seeking to inflate his own importance and fatten the funding of his own and his friends' dot.gov fiefdoms. Nevertheless, his embrace of "new, intrusive, and arguably unwarranted regulations," (as you so aptly put it) is still frightening.

Clarke described the problem: "The events of the last weekend demonstrate yet again how vulnerable our society is to cyberspace attacks. The Sapphire Worm was essentially a dumb worm that was easily and cheaply made. It attacked only one vulnerability on one piece of software from one vendor for one type of machine. Moreover, that vulnerability was one for which a patch had been available for many months. Nonetheless, the results of the worm were significant."

This Cyberspace "attack," like most that have preceded it, is much simpler than Clarke makes it and can probably be prevented in the future with a far less intrusive mechanism than the proposals for the government to seize control of the internet (if that is even possible). Occam's Razor is helpful: from a set of otherwise equivalent models of a given phenomenon choose the simplest one -- "shave off" those concepts, variables or constructs that are not really needed to explain the phenomenon.

Most, if not all, of these problems have involved vulnerabilities in Microsoft's Windows operating system (or MS Excel, or MS Outlook). So -- why not just an executive order or GSA procurement regulation requiring the federal government (and advising anyone else who doesn't want to be held hostage to Microsoft's vulnerabilities) to invest no more than N% of its computer resources in one vendor's equipment or software? Use the independent Linux operating system (in addition to or instead of Windows or its Microsoft progeny). Use PCs, sure. But buy some Macs as well. Use portable web servers that can be used on any platform (personal computer-based, mid-range, mainframe). If the government refused to invest itself so completely in monopolies or near-monopolies, this would not be nearly the problem it is now.

Mimi Madden
(for more on Occam's Razor, see http://pespmc1.vub.ac.be/OCCAMRAZ.html)



-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
-------------------------------------------------------------------------
Like Politech? Make a donation here: http://www.politechbot.com/donate/
Recent CNET News.com articles: http://news.search.com/search?q=declan
-------------------------------------------------------------------------

