Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

BLOG: Why the bad guys are winning

Michael Horowitz, Computerworld US | June 6, 2011
A depressingly long list of reasons.

... wrote it in a language that he knew .. and wrote it very carefully ... Now, is that a commercial practicality? No. I mean, he would have been fired by any employer.

  1. Software will always be buggy even without economics:
    Programming is still an art and one best done by the fewest possible people. How many great works of art in a museum were done by a large team working together? Large applications, written by teams of developers, are especially likely to be buggy, either due to communication failures or the inclusion of less skilled developers.
  2. Popular software:
    When software gets brutally popular (think Windows, Flash, Adobe Reader and Java) bad guys devote time and effort to finding bugs that can be exploited. Many times on this blog I suggested avoiding software that has a bulls eye painted on it's back.
  3. Bug fixes:
    The process of installing bug fixes (politely known as patches) to software applications on Windows and Macs is disgraceful, with each application forced to roll its own self-update scheme. It's anarchy. While large corporations can spring for software that installs bug fixes company-wide, smaller organizations and consumers suffer. Thus many, if not most, personal computers are running software that is missing patches to known bugs. I used to recommend Secunia's Online Software Inspector, but it requires Java and I'm hesitant to encourge the use of Java as flaws in old versions are frequently exploited by bad guys.
  4. Nothing prevents a program from advertising itself as doing one thing, but when it's installed doing something else too.
  5. Windows does not do a great job of defending itself. For example, Patchguard, UAC, DEP and ASLR have all been defeated, at times, by bad guys. 
  6. Least privilege:
    Both Windows and Macs have a concept of limited/restricted users and administrative users. Think of it as adult users who can do anything and child users who are restricted from messing up the guts of the system. An important defensive computing tact is to run with the least privileges necessary. Practically speaking, this means logging on to the computer as a limited/restricted user most of the time and only logging on as an administrator/adult when necessary. But, both Windows and Macs default to using administrative level logons, a big security mistake.

 

Previous Page  1  2  3  4  5  Next Page 

Sign up for CIO Asia eNewsletters.