In This Issue: Software (In) Security
1. Editor's Note: Software (In) Security
2. Today's Top Story
- Microsoft Issues Zotob Cleaning Tool
- New Zero-Day IE Bug Can Give Attackers Control
- Poll: Third Of PC Users Blame Microsoft For Zotob Attacks
- Adobe Patches Critical Reader, Acrobat Flaws
- Apple Security Update Re-issued After First Breaks 64-bit Apps
3. Breaking News
- Google Pushes Deeper Into Microsoft Software
- Military Chooses Tech To Improve Terrorism Readiness
- British Airways Strike Highlights Potential Dangers Of Outsourcing
- Google Seeks Second Stock Offering
- Intel Tries To Spur Wireless Cities Momentum
- AOL Launches AIM Homepage, Upgrade
- Akamai Launches Internet News Tracking Index
- IBM Opens Research Center In Bangalore
- Computer Associates Launches Research Effort
- San Francisco Sees Economic Vitality in Citywide Wi-Fi
4. In Depth: Reviews And Personal Tech
- CPU Buyer's Guide
- Review: A Utility For Cleaning The Windows Registry
- First And Foremost, Security Must Make Business Sense
- Review: Macromedia Studio 9
- Microsoft Unveils Pricing For Xbox
5. Voice Of Authority: Blog: Sticking With Travelocity Because Of
Its Lousy Customer Service
6. White Papers: How To Evaluate Disk-Based Data Backup and
7. Get More Out Of InformationWeek
8. Manage Your Newsletter Subscription
Quote of the day: What is courage? You decide:
"Courage is one step ahead of fear." -- Coleman Young
"Courage is fear that has said its prayers." -- Dorothy Bernard
"Courage is fear holding on a minute longer." -- George S. Patton
"Courage is not the absence of fear, but rather the judgment that
something else is more important than fear." -- Ambrose Redmoon
1. Editor's Note: Software (In) Security
"Danger, Will Robinson! Danger!" That ought
to be the first thing every user hears upon breaking the seal on
a new application or hitting the "download now" button. Given the
rate at which new apps and operating system updates are being
cracked, hacked, and infested, perhaps the software industry
should adopt as its mascot, the zealously protective, but often
useless Robot from the mid-'60s sci-fi classic series, "Lost In Space."
Even a casual viewer of network news knows we seem to be reaching
an epidemic state of broken, vulnerable and patched-to-pieces software. We can't send attachments to
each other any more -- even if our company's firewall will accept
it, we daren't open it half the time. And you can kiss the fun of
E-greeting cards goodbye. We have become increasingly leary of shopping online, so much so that
another recent survey found that more than four-fifths of
the 8,000 consumers surveyed reported feeling threatened or
extremely threatened by online fraud and identity theft. This
fear is allegedly influencing consumer decisions about where to
shop, bank and invest online.
Moreoever, we're also finding ourselves devoting more and more
time -- at work and at home -- to monitoring vendor and security
Web sites for reports of more problems, and the fixes
that follow. And you can't take your eyes off the ball then
because patches and fixes are just as likely to be corrupted or
other applications, or parts thereof, as they are to fix the
In short, it's getting harder and harder to just log on and
compute, so to speak.
I am not a programmer, and I am not a developer, so it's not as
though I can offer up a technical solution. (Though it seems fair
to say that neither can the people who are building these
applications.) Even so, the constant stream of hacking incidents,
patches and re-patches has to leave you to wonder -- I know it
does me -- whether application development is going to be able to
keep pace with the growing skills of the hacker community.
I don't know if there are different programming techniques that
could be tried or better languages that should be deployed. Or
maybe it's more that security efforts will have to simply abandon
the application level and push out to the firewalls and other
technical barriers being erected around the corporate fortress
and home PCs. I don't know what the solution is. But it does seem
that unless something changes, we are just going to see more and
more of these patches until what -- applications start running
into other external problems traceable back to what ever fixed
the internal breach? Until it becomes routine for entire networks
to be brought down for a couple of hours at a time? Til we scurry
back to the safety, if snail pace, of sneaker net? Then where is
your computer-generated productivity? Until the consumers of
patience -- or faith -- in the purveyors of these programs?
With automated, often useless support, and minimal access to
one-on-one assistance, we can't afford to leave users exposed to
these weaknesses. Applications need to be more secure than they
are now. The fixes to these vulnerabilities had better work the
first time. Something has to give. I just don't know what it will be.
But on the opposite end of this issue -- the courtroom -- I do
know that the sentences we are seeing handed down for various
computer crimes are ridiculous. Too many exceptions are being
made -- be it for the age of the defendant or, as in one recent
case, for being "cooperative," but not providing any substantive
help to the prosecution.
We need to slam the prison door shut on the perpetrators while we
figure out how to slam the digital door shut on breaches in the
first place. Which brings me back to my original premise, laid
out in a May 27th blog entry, Security Is The New Cold War, which is
that it's going to take a whole lot of communal effort from a
whole lot of angles to keep up with, never mind combat, or even
defeat, computer criminals. We're already too far behind.
Microsoft late Wednesday rushed out a new version of its Windows
Malicious Software Removal Tool as one response to a bot worm
attack that began earlier this week.
Related Stories: New Zero-Day IE Bug Can Give Attackers Control
Microsoft's Internet Explorer browser is vulnerable to an
unpatched bug similar to one fixed last week, several security
vendors said Thursday. Microsoft is investigating, the company
confirmed in a security advisory.
Adobe Patches Critical Reader, Acrobat Flaws
Users of the ultra-popular Adobe Reader and Acrobat applications
should patch the software pronto to plug a highly critical
vulnerability that could let attackers crash systems and inject
malicious code into PCs and Macs.
Apple Security Update Re-Issued After First Breaks 64-bit Apps
Apple Computer re-released its massive Mac OS X security update
Thursday after the upgrade broke 64-bit applications. The new
update, dubbed "2005-007 v1.1," replaces the original rolled out
Monday, and can be downloaded from Apple's site or from within
the vulnerable 10.4.2 (Tiger) operating system.
Google has launched a tool that lets subscribers to its
blog-hosting service write and post blogs directly from Microsoft
Word, a move that reflects the search engine's determination to
stake its claim on the software maker's Windows desktop.
Google Seeks Second Stock Offering
On the one-year anniversary of its initial public offering,
Google on Thursday proposed to federal regulators a second public
offering of more than 14.2 million shares of common stock valued
at $4 billion.
AOL Launches AIM Homepage, Upgrade
America Online on Wednesday upgraded its instant messaging
service, and launched a homepage highlighting the features and
add-ons of AIM and a Web browser that provides quick access to
IBM Opens Research Center In Bangalore
Acting as an extension of IBM's India Research Lab in New Delhi,
the lab will be staffed with experts in distributed computing,
software engineering, and knowledge management.
How does your pay compare with that of your peers? Featuring more
than 20 job functions and tracking IT compensation across 20
metropolitan areas, InformationWeek Research's free and
confidential 2005 IT Salary Adviser makes it easy to find out.
A Week's Worth Of Dailies -- All In One Place
Have you missed an issue or two of the InformationWeek Daily? Or
want to check out some recent quotes of the day? Check out our
all new Daily Newsletter archive page, and get caught up quickly.
The offshoring of IT work to India is now mainstream, and the
quality level of completed work is generally good, if not
excellent. However, the same can't be said for offshore call
centers, where language and cultural barriers often lead to a
frustrating customer experience. Yet the practice will continue
to grow -- and here's one example of why, says Paul McDougall.
Disk-based backup is becoming the solution of choice: Gartner
projects that by 2008, the majority of data restores will occur
from disk, not from tape. You need to identify the best solution
for your server data backup and recovery needs. Establish your
own evaluation checklist, decide what matters most, and save time
as you assess solutions.
Note: To change your E-mail address, please subscribe your new address and unsubscribe your old one.
Keep Getting This Newsletter
Don't let future editions of InformationWeek Daily go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. Thanks.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.