Commentary
8/19/2005
09:32 AM
Patricia Keefe

Software (In) Security

In This Issue: Software (In) Security
1. Editor's Note: Software (In) Security
2. Today's Top Story
    - Microsoft Issues Zotob Cleaning Tool
    Related Stories:
    - New Zero-Day IE Bug Can Give Attackers Control
    - Poll: Third Of PC Users Blame Microsoft For Zotob Attacks
    - Adobe Patches Critical Reader, Acrobat Flaws
    - Apple Security Update Re-issued After First Breaks 64-bit Apps
3. Breaking News
    - Google Pushes Deeper Into Microsoft Software
    - Military Chooses Tech To Improve Terrorism Readiness
    - British Airways Strike Highlights Potential Dangers Of Outsourcing
    - Google Seeks Second Stock Offering
    - Intel Tries To Spur Wireless Cities Momentum
    - AOL Launches AIM Homepage, Upgrade
    - Akamai Launches Internet News Tracking Index
    - IBM Opens Research Center In Bangalore
    - Computer Associates Launches Research Effort
    - San Francisco Sees Economic Vitality in Citywide Wi-Fi
4. In Depth: Reviews And Personal Tech
    - CPU Buyer's Guide
    - Review: A Utility For Cleaning The Windows Registry
    - First And Foremost, Security Must Make Business Sense
    - Review: Macromedia Studio 9
    - Microsoft Unveils Pricing For Xbox
5. Voice Of Authority: Blog: Sticking With Travelocity Because Of Its Lousy Customer Service
6. White Papers: How To Evaluate Disk-Based Data Backup and Recovery Solutions
7. Get More Out Of InformationWeek
8. Manage Your Newsletter Subscription

Quote of the day: What is courage? You decide:

"Courage is one step ahead of fear." -- Coleman Young

"Courage is fear that has said its prayers." -- Dorothy Bernard

"Courage is fear holding on a minute longer." -- George S. Patton

"Courage is not the absence of fear, but rather the judgment that something else is more important than fear." -- Ambrose Redmoon


1. Editor's Note: Software (In) Security

"Danger, Will Robinson! Danger!" That ought to be the first thing every user hears upon breaking the seal on a new application or hitting the "download now" button. Given the rate at which new apps and operating system updates are being cracked, hacked, and infested, perhaps the software industry should adopt as its mascot the zealously protective but often useless Robot from the mid-'60s sci-fi classic series, "Lost In Space."

Even a casual viewer of network news knows we seem to be reaching an epidemic state of broken, vulnerable and patched-to-pieces software. We can't send attachments to each other any more -- even if our company's firewall will accept it, we daren't open it half the time. And you can kiss the fun of E-greeting cards goodbye. We have become increasingly leery of shopping online, so much so that another recent survey found that more than four-fifths of the 8,000 consumers surveyed reported feeling threatened or extremely threatened by online fraud and identity theft. This fear is allegedly influencing consumer decisions about where to shop, bank and invest online.

Moreover, we're also finding ourselves devoting more and more time -- at work and at home -- to monitoring vendor and security Web sites for reports of more problems, and the fixes that follow. And you can't take your eyes off the ball then because patches and fixes are just as likely to be corrupted or to break other applications, or parts thereof, as they are to fix the initial problem.

In short, it's getting harder and harder to just log on and compute, so to speak.

I am not a programmer, and I am not a developer, so it's not as though I can offer up a technical solution. (Though it seems fair to say that neither can the people who are building these applications.) Even so, the constant stream of hacking incidents, patches and re-patches has to leave you to wonder -- I know it does me -- whether application development is going to be able to keep pace with the growing skills of the hacker community.

I don't know if there are different programming techniques that could be tried or better languages that should be deployed. Or maybe it's more that security efforts will have to simply abandon the application level and push out to the firewalls and other technical barriers being erected around the corporate fortress and home PCs. I don't know what the solution is. But it does seem that unless something changes, we are just going to see more and more of these patches until what -- applications start running into other external problems traceable back to whatever fixed the internal breach? Until it becomes routine for entire networks to be brought down for a couple of hours at a time? 'Til we scurry back to the safety, if snail's pace, of sneaker net? Then where is your computer-generated productivity? Until the consumers of software lose patience -- or faith -- in the purveyors of these programs?

With automated, often useless support, and minimal access to one-on-one assistance, we can't afford to leave users exposed to these weaknesses. Applications need to be more secure than they are now. The fixes to these vulnerabilities had better work the first time. Something has to give. I just don't know what it will be.

But on the opposite end of this issue -- the courtroom -- I do know that the sentences we are seeing handed down for various computer crimes are ridiculous. Too many exceptions are being made -- be it for the age of the defendant or, as in one recent case, for being "cooperative," but not providing any substantive help to the prosecution.

We need to slam the prison door shut on the perpetrators while we figure out how to slam the digital door shut on breaches in the first place. Which brings me back to my original premise, laid out in a May 27th blog entry, Security Is The New Cold War, which is that it's going to take a whole lot of communal effort from a whole lot of angles to keep up with, never mind combat, or even defeat, computer criminals. We're already too far behind.

Patricia Keefe
pkeefe@cmp.com
www.informationweek.com


2. Today's Top Story

Microsoft Issues Zotob Cleaning Tool
Microsoft late Wednesday rushed out a new version of its Windows Malicious Software Removal Tool as one response to a bot worm attack that began earlier this week.

Related Stories:
New Zero-Day IE Bug Can Give Attackers Control

Microsoft's Internet Explorer browser is vulnerable to an unpatched bug similar to one fixed last week, several security vendors said Thursday. Microsoft is investigating, the company confirmed in a security advisory.

Poll: Third Of PC Users Blame Microsoft For Zotob Attacks
Almost as many people are blaming Microsoft for the week's bot attacks on Windows 2000 as are blaming the hackers who wrote the bots, said a U.K.-based security vendor Thursday that polled 1,000 business PC users.

Adobe Patches Critical Reader, Acrobat Flaws
Users of the ultra-popular Adobe Reader and Acrobat applications should patch the software pronto to plug a highly critical vulnerability that could let attackers crash systems and inject malicious code into PCs and Macs.

Apple Security Update Re-Issued After First Breaks 64-bit Apps
Apple Computer re-released its massive Mac OS X security update Thursday after the upgrade broke 64-bit applications. The new update, dubbed "2005-007 v1.1," replaces the original rolled out Monday, and can be downloaded from Apple's site or from within the vulnerable 10.4.2 (Tiger) operating system.


3. Breaking News

Google Pushes Deeper Into Microsoft Software
Google has launched a tool that lets subscribers to its blog-hosting service write and post blogs directly from Microsoft Word, a move that reflects the search engine's determination to stake its claim on the software maker's Windows desktop.

Military Chooses Tech To Improve Terrorism Readiness
After testing more than 100 technologies earlier this summer, the military has tabbed three communication and IT systems to improve emergency response.

Consumer Worries About Online Security On The Rise
Survey finds that recent security and data-loss incidents have taken their toll on consumer confidence in E-commerce.

British Airways Strike Highlights Potential Dangers Of Outsourcing
Hiring a spin-off company to handle catering services is a case of outsourcing gone awry.

Google Seeks Second Stock Offering
On the one-year anniversary of its initial public offering, Google on Thursday proposed to federal regulators a second public offering of more than 14.2 million shares of common stock valued at $4 billion.

Salesforce.com Earnings Evidence Of A New CRM Power
Company reports 77% revenue growth in its second quarter, in contrast to rival Siebel's fiscal woes.

Intel Tries To Spur Wireless Cities Momentum
Intel is pushing an effort to get cities to adopt Wi-Fi.

AOL Launches AIM Homepage, Upgrade
America Online on Wednesday upgraded its instant messaging service, and launched a homepage highlighting the features and add-ons of AIM and a Web browser that provides quick access to AIM-related services.

Akamai Launches Internet News Tracking Index
Akamai has introduced a consumer-oriented index that will track usage of news being delivered by major news organizations.

IBM Opens Research Center In Bangalore
Acting as an extension of IBM's India Research Lab in New Delhi, the lab will be staffed with experts in distributed computing, software engineering, and knowledge management.

Computer Associates Launches Research Effort
Computer Associates has formed CA Labs to promote research in systems management and security issues, the Islandia, N.Y.-based company said Thursday.

San Francisco Sees Economic Vitality in Citywide Wi-Fi
While lawmakers in some parts of the country are fighting to ban free wireless broadband access, San Francisco Mayor Gavin Newsom is looking at it as a potential tool for fixing community problems.

All our latest news

Watch the news at thenewsshow.tv as anchor John Soat offers an off beat take on the headlines.

Today's Video:

Bob Evans on London Data Dust-ups

Elena Malykhina on Lost In An IP Cloud

John Soat on the XXX Factor


----- The latest research, polls, and tools -----

Money Matters
How does your pay compare with that of your peers? Featuring more than 20 job functions and tracking IT compensation across 20 metropolitan areas, InformationWeek Research's free and confidential 2005 IT Salary Adviser makes it easy to find out.

A Week's Worth Of Dailies -- All In One Place
Have you missed an issue or two of the InformationWeek Daily? Or want to check out some recent quotes of the day? Check out our all new Daily Newsletter archive page, and get caught up quickly.

-----------------------------------------


4. In Depth: Personal Tech And Reviews

CPU Buyer's Guide
A comprehensive buyer's guide to Intel's and AMD's lineups, from performance processors to the high-end, midrange, and value categories. We have specs, prices, and pertinent performance information.

Review: A Utility For Cleaning The Windows Registry
AMUST Registry Cleaner intelligently deals with your Windows registry, and offers features that encourage you to use it often enough to make it effective.

First And Foremost, Security Must Make Business Sense
Return on investment analysis is useful, but prioritizing security projects and focusing on business objectives are necessities.

Review: Macromedia Studio 9
In its latest release, Macromedia reconfigures its Studio Suite with updates of Dreamweaver, Fireworks, and Flash Professional, plus two new components.

Microsoft Unveils Pricing For Xbox
Microsoft on Wednesday said pricing for the Xbox 360 video game and entertainment system would start at $299.99.


5. Voice Of Authority

Blog: Sticking With Travelocity Because Of Its Lousy Customer Service
The offshoring of IT work to India is now mainstream, and the quality level of completed work is generally good, if not excellent. However, the same can't be said for offshore call centers, where language and cultural barriers often lead to a frustrating customer experience. Yet the practice will continue to grow -- and here's one example of why, says Paul McDougall.


6. White Papers

How To Evaluate Disk-Based Data Backup and Recovery Solutions
Disk-based backup is becoming the solution of choice: Gartner projects that by 2008, the majority of data restores will occur from disk, not from tape. You need to identify the best solution for your server data backup and recovery needs. Establish your own evaluation checklist, decide what matters most, and save time as you assess solutions.


7. Get More Out Of InformationWeek

Try InformationWeek's RSS Feed

Discover all InformationWeek's sites and newsletters

Recommend This Newsletter To A Friend
Do you have friends or colleagues who might enjoy this newsletter? Please forward it to them and point out the subscription page.


8. Manage Your Newsletter Subscription

To unsubscribe from, subscribe to, or change your E-mail address for this newsletter, please visit the InformationWeek Subscription Center.

Note: To change your E-mail address, please subscribe your new address and unsubscribe your old one.

Keep Getting This Newsletter
Don't let future editions of InformationWeek Daily go missing. Take a moment to add the newsletter's address to your anti-spam white list:
InfoWeek@update.informationweek.com

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. Thanks.

We take your privacy very seriously. Please review our Privacy Policy.

InformationWeek Daily Newsletter
A free service of InformationWeek and the TechWeb Network.
Copyright (c) 2005 CMP Media LLC
600 Community Drive
Manhasset, N.Y. 11030
