FC: Microsoft security fix: Regulation vs. simpler solutions

From: Declan McCullagh (declanat_private)
Date: Wed Feb 12 2003 - 08:46:34 PST

    Previous messages:
    http://www.politechbot.com/p-04405.html
    http://www.politechbot.com/p-04404.html
    
    ---
    
    From: <mimimat_private>
    Reply-To: mimiat_private
    To: <declanat_private>
    CC: <aamolschat_private>
    Subject: Regulation vs. simpler solutions
    Date: Tue, 11 Feb 2003 22:35:33 -0500
    
    Hurrah for you, Declan!
    
    Let's assume the best of Mr. Clarke. Assume he is not seeking to inflate 
    his own importance and fatten the funding of his own and his 
    friends' dot.gov fiefdoms. Nevertheless, his embrace of "new, intrusive, and 
    arguably unwarranted regulations," (as you so aptly put it) is still 
    frightening.
    
    Clarke described the problem: "The events of the last weekend demonstrate 
    yet again how vulnerable our society is to cyberspace attacks.  The 
    Sapphire Worm was essentially a dumb worm that was easily and cheaply 
    made.  It attacked only one vulnerability on one piece of software from one 
    vendor for one type of machine. Moreover, that vulnerability was one for 
    which a patch had been available for many months. Nonetheless, the results 
    of the worm were significant."
    
    This Cyberspace "attack," like most that have preceded it, is much simpler 
    than Clarke makes it and can probably be prevented in the future with a far 
    less intrusive mechanism than the proposals for the government to seize 
    control of the internet (if that is even possible).  Occam's Razor is 
    helpful: from a set of otherwise equivalent models of a given phenomenon 
    choose the simplest one -- "shave off" those concepts, variables or 
    constructs that are not really needed to explain the phenomenon.
    
    Most, if not all, of these problems have involved vulnerabilities in 
    Microsoft's Windows operating system (or MS Excel, or MS Outlook). So -- 
    why not just an executive order or GSA procurement regulation requiring the 
    federal government (and advising anyone else who doesn't want to be held 
    hostage to Microsoft's vulnerabilities) to invest no more than N% of its 
    computer resources in one vendor's equipment or software? Use the 
    independent Linux operating system (in addition to or instead of Windows or 
    its Microsoft progeny). Use PCs, sure. But buy some Macs as well. Use 
    portable web servers that can be used on any platform (personal 
    computer-based, mid-range, mainframe). If the government refused to invest 
    itself so completely in monopolies or near-monopolies, this would not be 
    nearly the problem it is now.
    
    Mimi Madden
    (for more on Occam's Razor, see http://pespmc1.vub.ac.be/OCCAMRAZ.html) 
    
    
    
    
    -------------------------------------------------------------------------
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/
    Declan McCullagh's photographs are at http://www.mccullagh.org/
    -------------------------------------------------------------------------
    Like Politech? Make a donation here: http://www.politechbot.com/donate/
    Recent CNET News.com articles: http://news.search.com/search?q=declan
    -------------------------------------------------------------------------
    



    This archive was generated by hypermail 2b30 : Wed Feb 12 2003 - 09:08:01 PST