Lazy IT vs. Security Flaws
Who is to blame for virus attacks on
computer systems; the software maker, the ISP, or the lazy network
administrator? Today’s sophisticated viruses are smarter, well dressed,
and sporting a purpose—unauthorized access to your computer. Because there
are no names or faces to put on these hacking viruses, who else can be blamed?
Enter The Virus Blame Game. (note: if you refresh or
page, you can hear the intro music again)
Software Makers to Blame?
The more popular opinion is that
software makers are responsible for security and virus breaches because they
are too quick to release product to appease anxious shareholders. As a
computer person it is easy for me to take this point of view and blame the
software makers. With each new release of software comes a deluge of
bugs, security holes and patches. It has always bothered me that it is left
to the computer administrator to discover and report problems to the
software’s maker. If operating systems were automobiles, there would be a
lemon- law or more extreme; a class action taken against the software maker.
It is in my opinion that software makers are largely responsible for
security flaws because many of the software being released is stockholders
driven rather than market driven. Windows 2003 is a perfect example of this:
There was no market demand to replace Windows 2000. What was heard from
those that work at the frontlines was for a more secure operating system.
What we got was twin-crying babies demanding our constant attention for more
bottles, more diapers, and more security patches. So instead of one network
operating system with holes, you would have two. And in organizations with a
lot of Windows 2000 computers weekly updates can be a full time job. I know
of one group that has 400 windows 2000 computers. That is 400 weekly
There are two more camps of thought as to
the real intent of viruses:
Many computer people believe that
anti-virus companies create viruses, as it is their stock that is always on
the rise. Another group believe that software companies themselves are
behind these assaults to help pad to way for dummy terminals. What will
dummy terminals do? The thought of having computer users store all of their
data on the vendor’s servers, thus allowing them to control access and
licenses works better for a software executive than Viagra. (You
know what I mean)
Are ISPs to Blame?
Internet Service Providers should take
some responsibility for the service that they provide. Companies like mine
pay a premium for T1 lines and other circuits. Utility companies such as a
phone company or cable company, have for too long negated responsibly for so
called “Acts of God” and
they use the same excuse when it comes to hackers, spam and viruses. I have
26 T1 lines and once their contracts are over, I’m going to replace them
with an Internet provider that does take responsibly for the security of
their customers. If my company has to purchase a firewall, it’s because
the phone company isn’t doing enough to protect the customer. Would you
fly an airline that was this lacks in security? Oh, I’m sorry—we did?
IT People to Blame?
The software maker’s claim is that the
computer user and network administrators are responsible for these attacks
because they do not patch their systems with updated security patches. Its
true that updating your computer with security patches should be a daily
ritual for both computer user and network administrator, but like anti-virus
software, the fix for most of these intrusions are only available after the
fact. To me this is a pointless dispute that reminisces the chicken before
the egg argument. Still, with all of the above mentioned, computer professionals
should take some of the blame for not patching their systems. We know that
software is always released too soon; we also know, or at least it seems,
that ISPs don’t do enough to protect the networks that you lease from
them. Knowing this, it’s your responsibility to keep your patches up to
date, if you don’t it just makes it harder to blame the other guys.