Monday, December 11, 2006

More Secure Windows May Not Help: BusinessWeek makes a very good point

There's a nice article in BusinessWeek that meshes with my view of computer security. Let me spell this out.
  1. Microsoft is spending a lot of money right now to encourage people who use Windows to upgrade, for a fee, to a new version called Vista.
  2. To justify the fee for the new version Microsoft is talking a lot about how much more secure Vista is than previous versions of Windows.
  3. All this talk may be creating an expectation that computer users will encounter fewer security problems in the future.
  4. This expectation is probably false.
The only way to make computing significantly more secure than it is today? Raise the general standard of behavior of people on this planet.

This may sound like a tall order--and it is--but the task is not insurmountable. Law and order can eventually replace lawlessness, e.g. the Wild West. Standards of behavior within any given geographic entity can be improved, e.g. reduced drinking and driving in UK/US/et al.

Of course, these are changes that take decades to bring about. All the more reason to commit to the process now, rather than later. Remember, technology cannot create security; the sooner people set aside dreams of security based on the false promise that it can, the sooner the root problem will be addressed, and the better the interim security strategy will be.



Daniel said...

Your article is making some very valid points. When Microsoft launch a new OS there is a lot of expectation; mainly created by Microsoft themselves. It's true that a lot of the new features can turn out to be disappointing or less functional than expected.

This happened before with XP - huge build-up, followed by huge hype, there's initial satisfaction; but then big disappointment, and the subsequent discovery of security weaknesses and holes. Patches and the first service pack follow.

There's no reason to think the same won't happen again with Vista.

Will said...

Extremely valid and I enjoyed reading it. I have two comments tho:

1. It seems to me that the security of some OSes is much better than others. Do Microsoft systems face so many more attacks only because they are far and away the most ubiquitous and hence command the lion's share of the hacker's attention?

2. I don't think education will do it. Well, I'm sure it can help, but it'd be interesting to look at the cost of changing human nature in the same way you did cost per breach. And I think the problem is hard wired - we're not talking about "bad people" here, but a fundamental human desire to be noticed by as many people as possible and to spread one's sphere of influence. The very technology you're blogging about has made us all share one single sphere of influence - it's called the Earth.

Henry Bolingbroke said...

Daniel has made the points I was going to make. So I will just second his comments and point out that fewer and fewer people believe Microsoft's hype because of their past inflated rhetoric.

KacinPoint said...

Thanks for this post--I couldn't agree with you more.

If you have time, take a look at the post I wrote not too long ago about this same thing:


Lucy Lockett said...

I liked your article and viewpoint but alas human nature will win in the end. If we can abuse it, challenge it, break it, better it, then let's do it! It can be a disappointing human trait I'm afraid.