[thelist] RE: [OT] blaster worm punishment [major rant, sorry]

Richard Harb rharb at earthling.net
Sun Jan 30 12:23:57 CST 2005


-----Original Message-----
From: Steven Streight
Sent: Sunday, January 30, 2005, 8:46:13 AM
> I was just curious about what web developers who
> subscribe to this list might think about the criminal
> prosecution and punishment of the person who unleashed
> a worm.

> I consider such acts to be home grown terrorism and
> similar to murder, downsizing, or offshore outsourcing
> of sensitive material (network security, medical
> records, government work, etc.) in purely detrimental
> effects for no good cause.

First and foremost I detest the use of the word terrorism. It is used so
inflationary these days, completely thwarts the implied threat to one's life and
thus completely out of place.

Second and this one's going to be the longer answer:

I've been using computers for 15 years or so, and Windows still is my primary
developer OS, simply because I've grown so accustomed to a couple tools that I
could not yet find a good enough replacement for on my Linux machines.

In all this time I've rarely been infected with viruses although I neither have
a personal firewall on my machine nor antivirus software. Actually the
performance of this fairly old computer would take a serious hit, but that's a
different topic.

I don't consider myself especially lucky but extremely informed and knowledgeable
when it comes to choosing the right tools. Of course being subscribed to some
security related lists and actually reading the posts might help.

But in my experience 99 and more percent of all computer users do not have that
kind of knowledge. They blindly accept what they are given (preinstalled) and
that usually means Windows XP and Internet Explorer.

It's a fact that Windows never has been developed with any kind of security in
mind. It was developed with making money as a primary motivation. Nobody in
their right mind would have chosen DOS / Windows for technical reasons alone.
It was and still is all in the marketing.

One of the main arguments that companies choose Windows 3.1 / 95 was that legacy
code would still run. It was nothing more than a pretty interface to the legacy
DOS.

Windows NT was kind of the same: There's been the chance to make a complete
redesign, but the decision-making for or against it was also driven by what kind
of programs could be run on it. While its preemptive multitasking and NTFS might
have been improvements over 'that other system', it still borrowed too many
legacy concepts making it inherently insecure.

Windows 2000 is just a more comfortable version of NT with its supporting USB,
DirectX etc., whereas Windows XP is a major step backwards in terms of
security. In every default installation, even if you install from scratch, every
user is a local administrator with all the power to completely destroy just
about everything.

It was a necessary step from Microsoft to get acceptance: for home users, most
games wouldn't run - and many still won't - without administrative privileges.
How do you explain to Joe User that he has to create a separate account for gaming and
one for surfing the net?

And companies have been very reluctant to pick it up anyway. It's Microsoft's
playing its corporate power that guarantees for all the older OSes to be phased
out. The new systems are of course advertised - again - to be able to run all
the well known applications (WinXP SP2 anyone?) with oh so much more
productivity and life saving features. And yes, there will be no more patches
and updates for your old system. Nicely labelled service releases of course
which we receive by their grace when the product they shipped shouldn't have
been made public in the first place.

And don't get me that lame excuse about software being programmed by humans.

Every human will accept that errors can be made.
But it took long years of marketing effort and brainwashing to get the general
public to take it as a given that software just has to be so bug infested.


Which finally brings me to the point I wanted to make:

If a company using the computer as a means of making money can not afford hiring
competent IT people, either permanently or for consulting purposes then they do
not have my sympathy for having their computers infected.

While I'm certainly not delighted if my machine were taken over by some virus I
am glad that there are a lot of viruses and trojans out there - if simply to
raise the public awareness that Windows is an inherently insecure system and
that it takes incredible effort to keep it secure.
Hell, I wish I got all the time back I sat waiting for the f... systems to
reboot.


My hope is that in the process of that realization people will look for
alternatives and maybe discover that there actually are systems that are a)
fairly usable and b) secure by design.

That software issue on alternative OSes will then be resolved soon enough.

Richard


--
[list of self promotional websites snipped]



