-- [ From: William Hugh Murray * EMC.Ver #3.1 ] --
>>>I remain convinced this is the first place we need to gets some
fixes. Otherwise, the unworthy and the responsible alike are going to
be held accountable for what amounts to stopping an avalanche with a
To propose this is to suggest that the problem is simply intractable.
I propose to you that we will never fix the network by fixing operating
systems. The world deployed more new buggy copies of your favorite
operating system today than it patched or replaced. If the only way to
secure the network is to fix the operating systems of the nodes, then we
will never get there.
You may say that the vendors can fix the problem by delivering higher
quality operating systems. How long will it take before the number of
good ones exceeds the number of bad ones; even assuming that buyers can
tell one from another and prefer secure ones to the fastest, most
functional, and general ones, a highly unlikely assumption?
The bad quality of the operating system is only a contributing factor to
the problem. The biggest problem is that the hackers are able to logon.
This problem persists because managers who have spent thousands of
dollars per seat to provide computing will not spend tens of dollars per
seat for strong user authentication. After that we have buffer overflow
problems. If one is to trust the reports, the number of these is at
best constant to growing. This problem appears to be solidly rooted.
Rooted, that is, in a developer and buyer preference for performance
over anything but function.
The next problem is that the operating system is visible to the public
network. If you admit that they are not capable of protecting themselves
from their traffic, then why are we connecting them to the public
network? Nice people simply do not do that. There is almost never a
justification for doing it but the rationale is that they must be
connected so we can fix them. I'm sorry?
Finally, there is gratuitous system functionality. If there were no
command processor then the problems of buffer overflows would be
mitigated. If I must choose between patching function and taking it
out, I prefer the latter. We are still using operating systems that
were built for sharing expensive hardware. As if that were not bad
enough, we are using them as if hardware were still expensive.
The net is that requiring strong authentication, hiding the operating
systems from the network, and removing gratuitous functionality are more
important and more effective than trying to replace or patch operating