RE: [fw-wiz] Security dumming down - the king's clothes

From: Bill Royds (broyds_at_rogers.com)
Date: 12/14/03

    To: "'R. DuFresne'" <dufresne@sysinfo.com>, "'Marcus J. Ranum'" <mjr@ranum.com>
    Date: Sat, 13 Dec 2003 23:39:03 -0500
    
    

     I work for the Canadian federal government and my department uses Windows
    for a simple reason, sunk cost.
    We have (like so many other places) sunk so much investment into Windows,
    that changing to another OS requires far too much initial cost compared to
    more of the same. The largest part of the sunk cost has little to do with
    the software or hardware it sits on at all. It is in the training and
    investment of the departmental employees in the MS paradigm of computing.
    The Help Desk knows about MS software and hardware setup. Their data is in
    MS formats, they are comfortable with all the MS quirks. To change to
    another OS would require much more in conversion costs (as seen by
    management) than all the daily extra costs that MS causes (which includes
    security costs).
            MSBlaster/Wachia started to impact on this a bit. We are behind a
    good application proxy firewall which did block MSBlaster for a couple of
    days while the operations centre staff tried to update all the MS 2000 boxes
    with the patches. But somebody plugging a laptop into an RJ45 on a remote LAN
    infected the WAN and they had a full-blown worm inside. I don't work in
    security because I was too much of a Cassandra for operations while doing
    so. To an IT operations group, security is only one of the factors that they
    have to balance. It is not the major factor until it impacts the others.
      That is basically what Microsoft itself has found. Lack of security is now
    costing them sales. So security really is a focus now at Microsoft. But the
    admission by Ballmer last month that Windows is inherently insecure (or why
    would he suggest "perimeter protection") indicates that they will be trying
    more to circle the wagons than build a fortress. The Microsoft paradigm of
    computing is close to that of Sun (remember "The network is the computer").
    It assumes that workstations and servers inhabit a protected network and
    there are no hostile activities on that network. Changing that to the
    reality of the Internet breaks too many things inside their OS. So they need
    another way to achieve security. If a server shares files, it can be
    attacked through that sharing. That is an essential fact of network
    security. Microsoft operating systems are built on file sharing rather than
    other methods of file exchange so are intrinsically insecure.

    -----Original Message-----
    From: firewall-wizards-admin@honor.icsalabs.com
    [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of R. DuFresne
    Sent: December 13, 2003 10:24 PM
    To: Marcus J. Ranum
    Cc: Roger Marquis; firewall-wizards@honor.icsalabs.com
    Subject: Re: [fw-wiz] Security dumming down - the king's clothes

    On Fri, 12 Dec 2003, Marcus J. Ranum wrote:

            [SNIP]

    > A lot of folks recognize that the emperor has no clothes. The
    > question is: why? Microsoft's stuff is certainly PART of the problem
    > but another big piece of the problem is that people insist on buying
    > it and don't manage it right. There's enough blame to go around
    > and just assuming a conspiracy is too simplistic.

    ***
    > The truth is a more
    > complex combination of clueless customers, cruddy code, incompetent
    > federal IT workers, consultants out for a buck, marketing idiots, and
    > a dash of denial.
    ***

    Which still perhaps boils down to a depth of pockets as well as breadth of
    market penetration arguments doesn't it? Those 'incompetent federal IT
    workers' recognise Windows as a 'standard', and the 'marketing idiots' and
    'consultants out for a buck' make their bread off the recognised
    'standard'...<smile> A twisted circle forming an infinite economic race
    track?

    Thanks,

    Ron DuFresne

    -- 
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            admin & senior security consultant:  sysinfo.com
                            http://sysinfo.com
    "Cutting the space budget really restores my faith in humanity.  It
    eliminates dreams, goals, and ideals and lets us get straight to the
    business of hate, debauchery, and self-annihilation."
                    -- Johnny Hart
    testing, only testing, and damn good at it too!
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards