Commentary
8/19/2005
09:50 AM
Patricia Keefe

Software (In) Security

"Danger, Will Robinson! Danger!" That ought to be the first thing every user hears upon breaking the seal on a new application or hitting the "download now" button. Given the rate at which new apps and operating system updates are being cracked, hacked, and infested, perhaps the software industry should adopt as its mascot the zealously protective but often useless Robot from the mid-'60s sci-fi classic series, "Lost In Space."

Even a casual viewer of network news knows we seem to be reaching an epidemic state of broken, vulnerable and patched-to-pieces software. We can't send attachments to each other any more -- even if our company's firewall will accept it, we daren't open it half the time. And you can kiss the fun of E-greeting cards goodbye. We have become increasingly leery of shopping online, so much so that another recent survey found that more than four-fifths of the 8,000 consumers surveyed reported feeling threatened or extremely threatened by online fraud and identity theft. This fear is allegedly influencing consumer decisions about where to shop, bank, and invest online.

Moreover, we're also finding ourselves devoting more and more time -- at work and at home -- to monitoring vendor and security Web sites for reports of more problems, and the fixes that follow. And you can't take your eye off the ball then because patches and fixes are just as likely to be corrupted or to break other applications or parts thereof, as they are to fix the initial problem.

In short, it's getting harder and harder to just log on and compute, so to speak.

I am not a programmer, and I am not a developer, so it's not like I can offer up a technical solution. (Though it seems fair to say that neither can the people who're building these applications.) Even so, the constant stream of hacking incidents, patches, and re-patches has to leave you to wonder -- I know I do -- whether application development is going to be able to keep pace with the growing skills of the hacker community.

I don't know if there are different programming techniques that could be tried or better languages that should be deployed. Or maybe it's more that security efforts will have to simply abandon the application level and push out to the firewalls and other technical barriers being erected around the corporate fortress and home PCs. I don't know what the solution is. But it does seem that unless something changes, we're just going to see more and more of these patches until what -- applications start running into other external problems traceable back to whatever fixed the internal breach? Until it becomes routine for entire networks to be brought down for a couple of hours at a time? Till we scurry back to the safety, if snail's pace, of sneaker net? Then where is your computer-generated productivity? Until the consumers of software lose patience -- or faith -- in the purveyors of these programs?

With automated, often useless support, and minimal access to one-on-one assistance, we can't afford to leave users exposed to these weaknesses. Applications need to be more secure than they are now. The fixes to these vulnerabilities had better work the first time. Something has to give. I just don't know what it will be.

But on the opposite end of this issue -- the courtroom -- I do know that the sentences we're seeing handed down for various computer crimes are ridiculous. Too many exceptions are being made -- be it for the age of the defendant or, as in one recent case, for being "cooperative," but not providing any substantive help to the prosecution.

We need to slam the prison door shut on the perpetrators while we figure out how to slam the digital door shut on breaches in the first place. Which brings me back to my original premise, laid out in a May 27th blog entry, Security Is The New Cold War, which is that it's going to take a whole lot of communal effort from a whole lot of angles to keep up with, never mind combat, or even defeat, computer criminals. We're already too far behind.
