"Danger, Will Robinson! Danger!" That ought to be the first thing every user hears upon breaking the seal on a new application or hitting the "download now" button. Given the rate at which new apps and operating system updates are being cracked, hacked, and infested, perhaps the software industry should adopt as its mascot, the zealously protective, but often useless Robot from the mid-'60s sci-fi classic series, "Lost In S
"Danger, Will Robinson! Danger!" That ought to be the first thing every user hears upon breaking the seal on a new application or hitting the "download now" button. Given the rate at which new apps and operating system updates are being cracked, hacked, and infested, perhaps the software industry should adopt as its mascot, the zealously protective, but often useless Robot from the mid-'60s sci-fi classic series, "Lost In Space."Even a casual viewer of network news knows we seem to be reaching an epidemic state of broken, vulnerable and patched-to-pieces software. We can't send attachments to each other any more -- even if our company's firewall will accept it, we daren't open it half the time. And you can kiss the fun of E-greeting cards goodbye. We have become increasingly leary of shopping online, so much so that another recent survey found that more than four-fifths of the 8,000 consumers surveyed reported feeling threatened or extremely threatened by online fraud and identity theft. This fear is allegedly influencing consumer decisions about where to shop, bank, and invest online.
Moreover, we're also finding ourselves devoting more and more time -- at work and at home -- to monitoring vendor and security Web sites for reports of more problems, and the fixes that follow. And you can't take your eye off the ball then because patches and fixes are just as likely to be corrupted or to break other applications or parts thereof, as they are to fix the initial problem.
In short, it's getting harder and harder to just log on and compute, so to speak.
I am not a programmer, and I am not a developer, so it's not like I can offer up a technical solution. (Though it seems fair to say that neither can the people who're building these applications.) Even so, the constant stream of hacking incidents, patches, and re-patches has to leave you to wonder -- I know I do -- whether application development is going to be able to keep pace with the growing skills of the hacker community.
I don't know if there are different programming techniques that could be tried or better languages that should be deployed. Or maybe it's more that security efforts will have to simply abandon the application level and push out to the firewalls and other technical barriers being erected around the corporate fortress and home PCs. I don't know what the solution is. But it does seem that unless something changes, we're just going to see more and more of these patches until what -- applications start running into other external problems traceable back to what ever fixed the internal breach? Until it becomes routine for entire networks to be brought down for a couple of hours at a time? Til we scurry back to the safety, if snail pace, of sneaker net? Then where is your computer-generated productivity? Until the consumers of software lose patience -- or faith -- in the purveyors of these programs?
With automated, often useless support, and minimal access to one-on-one assistance, we can't afford to leave users exposed to these weaknesses. Applications need to be more secure than they are now. The fixes to these vulnerabilities had better work the first time. Something has to give. I just don't know what it will be.
But on the opposite end of this issue -- the courtroom, I do know that the sentences we're seeing handed down for various computer crimes are ridiculous. Too many exceptions are being made -- be it for the age of the defendant or as in one recent case, for being "cooperative," but not providing any substantive help to the prosecution.
We need to slam the prison door shut on the perpetrators while we figure out how to slam the digital door shut on breaches in the first place. Which brings me back to my original premise, laid out in a May 27th blog entry, Security Is The New Cold War, which is that it's going to take a whole lot of communal effort from a whole lot of angles to keep up with, never mind combat, or even defeat, computer criminals. We're already too far behind.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.