I'm Better Than You...No Really: Lame Security Claims

re: I'm Better Than You...No Really: Lame Security Claims

Gus Bjorklund — Tue, 26 Sep 2006 17:09:37 GMT

You make some good points, but: 0) Some security issues are greatly aggravated by their design and feature sets. For example, the fact that many email tools will execute /code/ (such as Javascript) contained in a message is simply outrageous. 1) All operating systems have bugs and security flaws but the fact remains that there are almost no viruses on Macs and Linux and the users of those systems /are/ safer than Windows users, at least for the moment.

Past history no predictor?

Wesley Parish — Tue, 26 Sep 2006 05:31:16 GMT

I think the problem Microsoft has, is that it has just been so phenomenally successful, with at least 95 percent of all PC desktops running some form of MS Windows. We know precisely why Microsoft has been so successful - several anti-trust trials later and the information is out there for all the world to see. Be that as it may, the corners that were cut to get Microsoft that place in the sun, have inevitably come back to haunt it.

I found, via osnews.com - hardly a blanket Anything-But-MS site, an URL for an article titled "If Only We Knew Then What We Know Now About Windows XP"
http://www.washingtonpost.com/wp-dyn/content/article/2006/09/23/AR2006092300510.html

I agree, not everything wrong with Microsoft Windows is Microsoft's fault - a lot of it is to do with the message that its ISVs got - that you could write a program to only run as Administrator, and you'd be fine. That it was alright to go out on the Internet as Administrator, that it was alright to ... Mind you, I've had some of that MS Office training, on account of people insisting that I needed it, and there wasn't a lot about prophylactic Websurfing in the course. So the Microsoft-based training establishments need a kick up the ass.

As far as criminalising matters like identity theft, malware deployment, etc, there is a legal framework already in place. Various counter-terrorism efforts have at least established identity theft as a threat to the peace. I've just had a number of spam misinforming me about "Botnets for Rent", and I do think I'm sick of it.

Microsoft's incorporation of the browser into the kernel - and swearing under oath that it was vitally necessary to do so - was a Stroke of Genius - NOT!

re: I'm Better Than You...No Really: Lame Security Claims

jasonmatusow — Sat, 23 Sep 2006 18:13:48 GMT

Jeroen -
I totally agree about improving security solutions. In my posting I make the point that it is good for software producers to improve their security technology and to market that. I think it is irresponsible to attack others on their security and even worse to make the claim to consumers that if you use my stuff, you have nothing to worry about.

Also, you are right about the limitations of laws designed to deal with physical world issues being inadequate for the types of crimes that are being committed in cyberspace. Things like jurisdiction become very sticky very quickly.

Jason

re: I'm Better Than You...No Really: Lame Security Claims

Jeroen Frijters — Sat, 23 Sep 2006 15:54:56 GMT

Niall, the victim is not responsible for the actions of the criminal, but the victim is responsible for protecting himself. This is simply pragmatism, unfortunately there will always be crime, so you have to take that into account. I don't like that any more than you do, but it's a fact of life.

Jason, I don't see that romanticizing of hackers much any more, but I agree that it is important to get the message out that these people are serious criminals. However, at the same time we should not try to pretend that traditional law enforcement solutions are going to be very effective in the virtual world. The nature of international law makes this extremely unlikely for the foreseeable future. Improving software security and user awareness is a much more effective solution to the problem.

Lame Security Claims, Or Competition as Usual?

tecosystems — Fri, 22 Sep 2006 22:05:38 GMT

Jason: I understand, I'm pretty sure, where you're coming from when you say "that the problem isn’t each other, it is the nincompoops who think it is cool to vandalize, spy, and steal." And I happen to agree with that...

re: I'm Better Than You...No Really: Lame Security Claims

Niall — Fri, 22 Sep 2006 21:39:23 GMT

That's right, Jeroen, it's the victim that's responsible for the actions of the criminal. After all, they wouldn't have done it if the victim hadn't let them, so punish the victim and don't waste time focusing on the criminal.

Yes, we should all be more aware of the potential for crime to be perpetrated against us and act to minimise the chances. But as Jason says, no matter how secure you make yourself, as long as you have value, you will be a target to criminals. The only way to prevent crime from happening to you is to make the crime worthless to the criminal. This is how we end up in Jason's example of a dingy room with nothing in it.

So we either all live in said dingy rooms or we realise that while some crime can be avoided by actions of the potential victims, the existence of crime is due to criminals, not victims. Once you come to that realisation, you can begin to take action both to increase awareness in potential victims and against criminals.

This applies to both technological and non-technological crime.

re: I'm Better Than You...No Really: Lame Security Claims

jasonmatusow — Fri, 22 Sep 2006 18:13:41 GMT

Jeroen -
I don't often want to look childish, but I do want to learn so I welcome your feedback.
1) I do blame the criminals because I think it is rediculous that our society continues to romanticize the "hacker." They are vandals or worse and when someone looses all of their docs, family pictures, etc. it is devistating to them - equally bad for a business.
2) I think all software vendors need to be more responsible in how we talk about these issues. That is not childish, nor is it easy. The factors of competition, development, sustaining engineering, quality, features...all make this tough.
3) I agree that software needs to be more secure, I agree that users need to be more security conscious. Good statement.

I think it is healthy to think aspirationally as it tends to establish goals that you can then work towards.

Thanks again for the comment.

Jason

re: I'm Better Than You...No Really: Lame Security Claims

Jeroen Frijters — Fri, 22 Sep 2006 15:47:32 GMT

Please stop to blaming the criminals, that solves nothing and is just as lame as the baseless claims of the Apple and Linux people that they are more secure.

You know what happens here in The Netherlands when you leave your laptop in your (unlocked) car? The police will take it and when you come pick it up you will get a stern talking too! And rightfully so.

Software needs to be made more secure (and users need to become more security conscious.)

Wishing for a utopian world society where there is no crime makes you look childish.