Slashdot Mirror


Increased Software Vulnerability, Gov't Regulation

PogieMT writes "An article in the New York Times (registration required) suggests that the rash of security flaws, viruses and worms is leading a push towards greater regulation by the government, which, according to the piece, has largely relied on the efforts of individual companies."

9 of 291 comments

  1. Blame the user by madsen · · Score: 2, Informative
    In just about every report on worms or virus attacks the user is blamed for propagating the problem. In the article Scott Charney (MS security chief) tells the users to get antivirus software and keep it up to date.
    That wouldn't be necessary if the user does as his third suggestion, patch the system.
    And that wouldn't be necessary if the system would be built more securely from the start.

    A good idea for MS would be to not make their stuff so user-friendly that it automatically executes every virus attachment that it comes across but instead would warn the user by default.

    1. Re:Blame the user by dzym · · Score: 2, Informative
      A good idea for MS would be to not make their stuff so user-friendly that it automatically executes every virus attachment that it comes across but instead would warn the user by default.
      The default behavior for Outlook, Express, has already been to do this. It is certainly not Microsoft's fault a select subset of individuals aren't patching or are smart enough to be purposefully circumventing their attachment protections but are dumb enough to run attachments anyway.
  2. Reprint of the story by Florian+Weimer · · Score: 2, Informative
  3. Or a free link by Anonymous Coward · · Score: 1, Informative
  4. semantic error in your reading of the article by Simon · · Score: 2, Informative
    "What we're seeing is that those voluntary efforts are insufficient, and the repercussions are vast."

    I think that here "voluntary efforts" refers to businesses' efforts to handle security without regulations and laws forcing them to (i.e. 'voluntarily'), and doesn't refer to Open Source developers.

    Have a nice day.

    --
    Simon

  5. Re:they forgot to mention by Anonymous Coward · · Score: 2, Informative
    It only appears so because Microsoft's is found on practically every desktop and on the majority of server computers too.


    Microsurfs repeat this myth a lot. Is it true? Does WinXX have more viruses and stability problems because it is on "practically every desktop and server"?


    Obviously not. OpenSource software runs 67% of the Internet, and Linux is underneath a large part of those applications, yet it is only those Internet servers running Microsoft products that are targets of the malware. It is a fact that Script Kiddies and Crackers target WinXX and its applications because they are easy to break into. As far as reliability goes, Bill Gates himself said that 50% of all WinXX platforms crash at least once a day. I have no doubts that the remaining 50% crash more than once a day. He also said that half of the stability problems were caused by drivers from 3rd party software houses, but that leaves four fingers pointing back at MS. He knows full well that if his platforms were more stable 3rd party software would be more stable. http://www.bugtoaster.com/dw15/Reports/OperatingSystems.asp


    Linux now runs about 25% of corporate America's servers and is probably sitting on 10% of their desktops. In other countries the percentages are higher. One would think that 25% of the viruses and trojans would be targeted at Linux, if susceptibility were merely a function of percentages. Not so. The fact is that unlike Windows, Linux stability is legendary, and so is the security. The properties were designed into Linux and the OpenSource paradigm is the major reason. "All bugs are shallow to a thousand eyeballs." Proprietary code can't match it. Another reason for Linux's security is that users don't run as root. Script kiddies running root kits have a much harder time breaking into a Linux box. That is why, when a Linux box is cracked, it becomes front page news, while the news about Microsoft cracks is how many millions of machines got compromised. Microsurfs failing to "patch" their boxes isn't the reason. The patches themselves can cause more holes than the ones they supposedly fix. The number of holes is so great it is becoming impossible for WinXX users to protect their machines. Anti-virus software can't work until the virus is trapped, analyzed and a fix created. By then many machines have been compromised. It amazed me at work how much effort was required to clean up Natchi and SoBig, even though 6 MSCE labored furiously to secure our network before the infections were discovered.


    Your comment reveals your ignorance about how Linux works but I'm not going to take the space here to explain it to you.

  6. Linux would never happen again by kaybee · · Score: 2, Informative

    The only way Linux, FreeBSD, and all of the other operating systems that have appeared over the years were possible is because of the lack of government regulation. Once the government steps in, it will only stifle creativity and limit consumer options.

    Who is best to deal with government regulations? Microsoft.

    Thanks, but no thanks. This issue will work itself out. We are in our growing stages. The government is not a solution to everything... actually, not much at all, really.

  7. Regulation will stifle software by scruffy · · Score: 3, Informative
    Software engineering is unlike a lot of other engineering in that no one can predict with much certainty what a large program is going to do. This lack of certainty is not just bad engineering, it is a mathematically proven law of software. Add to that the fact that each computer runs a slightly different set of programs and is connected to a slightly different set of peripherals, then you have an even more impossible problem.

    Software on airplanes works reasonably well because they test the hell out of it and two airplanes of the same model are pretty much the same. Also, the users of the software (airplane crews) are well-trained. The extreme testing and thorough training though make it very expensive. I don't think we can afford to hire a software engineer and tutor for each household.

    I would be afraid that regulation would not fully take into account the difficulties of making perfect software and dealing with untrained users.

  8. Link with no registration required by Anonymous Coward · · Score: 1, Informative