A Website Dedicated to Computer Professional...and some not so Professional

Lazy IT vs. Security Flaws
Douglas Chick

Who is to blame for virus attacks on computer systems; the software maker, the ISP, or the lazy network administrator? Today’s sophisticated viruses are smarter, well dressed, and sporting a purpose—unauthorized access to your computer. Because there are no names or faces to put on these hacking viruses, who else can be blamed? Enter The Virus Blame Game. (note: if you refresh or page, you can hear the intro music again)

 

Are the Software Makers to Blame?

     The more popular opinion is that software makers are responsible for security and virus breaches because they are too quick to release product to appease anxious shareholders. As a computer person it is easy for me to take this point of view and blame the software makers. With each new release of software comes a deluge of bugs, security holes and patches. It has always bothered me that it is left to the computer administrator to discover and report problems to the software’s maker. If operating systems were automobiles, there would be a lemon- law or more extreme; a class action taken against the software maker. It is in my opinion that software makers are largely responsible for security flaws because many of the software being released is stockholders driven rather than market driven. Windows 2003 is a perfect example of this: There was no market demand to replace Windows 2000. What was heard from those that work at the frontlines was for a more secure operating system. What we got was twin-crying babies demanding our constant attention for more bottles, more diapers, and more security patches. So instead of one network operating system with holes, you would have two. And in organizations with a lot of Windows 2000 computers weekly updates can be a full time job. I know of one group that has 400 windows 2000 computers. That is 400 weekly security updates. 

There are two more camps of thought as to the real intent of viruses:

     Many computer people believe that anti-virus companies create viruses, as it is their stock that is always on the rise. Another group believe that software companies themselves are behind these assaults to help pad to way for dummy terminals. What will dummy terminals do? The thought of having computer users store all of their data on the vendor’s servers, thus allowing them to control access and licenses works better for a software executive than Viagra. (You know what I mean) 


Are ISPs to Blame?

Internet Service Providers should take some responsibility for the service that they provide. Companies like mine pay a premium for T1 lines and other circuits. Utility companies such as a phone company or cable company, have for too long negated responsibly for so called  “Acts of God” and they use the same excuse when it comes to hackers, spam and viruses. I have 26 T1 lines and once their contracts are over, I’m going to replace them with an Internet provider that does take responsibly for the security of their customers. If my company has to purchase a firewall, it’s because the phone company isn’t doing enough to protect the customer. Would you fly an airline that was this lacks in security? Oh, I’m sorry—we did?


Are Lazy IT People to Blame?

     The software maker’s claim is that the computer user and network administrators are responsible for these attacks because they do not patch their systems with updated security patches. Its true that updating your computer with security patches should be a daily ritual for both computer user and network administrator, but like anti-virus software, the fix for most of these intrusions are only available after the fact. To me this is a pointless dispute that reminisces the chicken before the egg argument. Still, with all of the above mentioned, computer professionals should take some of the blame for not patching their systems. We know that software is always released too soon; we also know, or at least it seems, that ISPs don’t do enough to protect the networks that you lease from them. Knowing this, it’s your responsibility to keep your patches up to date, if you don’t it just makes it harder to blame the other guys.

DougChick@TheNetworkAdministrator.com