Security Isn't Just Avoiding Microsoft

Ben Rothke   Today’s Top Stories   or  Other Security Stories  

The Secure Web Gateway. Mission Critical For Business Dynamic Data Center and Virtualization Drives Operational Excellence at Emory Healthcare Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management IronPort Encryption Technology: Safeguarding Business Email Juniper Networks SSL VPN and Oracle Identity Federation Implementation Guide Guide: Implementing UTM at Branch Compterworld Technology Briefing: Intelligent Users Use Business Intelligence Computerworld Report- Large Enterprises Pay More for IPAM An Apple for Your Enterprise? Sign up to receive Security Resource Alerts

May 7, 2007 (Computerworld) -- We’ve all heard IT professionals imagine how secure their networks would be if they just didn’t have to use any Microsoft products.

I’ve had to listen to clients kvetch for hours on end about how Microsoft makes their lives miserable and how everything would be better in a Microsoft-free world. Tony Bove wrote a whole book with that theme, Just Say No to Microsoft, and plenty of blogs have taken up the cry.

It’s time for all the people who have entertained this fantasy to stop deluding themselves.

How would life without Microsoft be different? It wouldn’t be in any meaningful way for those in charge of network security; there would just be a different vendor peddling the dominant operating system.

Networks in a world in which Apple had won the operating systems wars would still be insecure. What’s that, you say? The Macintosh has had far fewer bugs reported and patched than Windows? That’s true, but it’s a consequence of the minuscule market penetration of Mac OS. If the Mac had enjoyed a market share of upwards of 80 percent for the past couple of decades, it would have been the focus of every hacker and script kiddie on the planet. And you might be lamenting the minuscule market share of that scrappy operating system vendor in Redmond, Wash.

If you put computers on a network and open that network to the outside world via the Internet, you’re going to have security problems, regardless of whether you’re running Windows, Mac OS, Linux or an operating system you created in your spare time. By all means, we need to run the safest operating system we can, fortify our networks and police the whole thing. But once we’ve done all that, we’re left with one unalterable fact: Users will still make errors galore. Training can help. But for a bit of perspective, consider commercial air transportation. The hardware is about as safe as possible, and pilots are trained as thoroughly as surgeons. But accidents happen, and they’re usually the result of pilot error.

User errors have long been the bane of security. In a sense, true security requires a paranoia honed to a fanatical edge, but sometimes even fanaticism isn’t enough. After all, no one has surpassed the Nazis when it comes to fanatical paranoia. Yet even the well-trained German soldiers of World War II broke a fundamental rule of cryptography and reused the same keys. That mistake might be the only reason this article wasn’t written in German.

So, what needs to be done? You must require users to attend formal information security training and awareness programs. No one should be left out. Set minimum security training and awareness requirements that all workers must meet -- even janitors and others who have no system access. Step up the requirements for those who have access to corporate information systems (most workers would fall into this category), and establish exhaustive requirements for employees in computer-related positions of trust, such as security staff and systems programmers.

Continued...
1 | 2 | NEXT  

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

"In Thursday's..." Read more... Read more Security posts or See all Blogs

Google Earth used by terrorists in India attacks Vista SP2 due next April, says report Apple adds DMCA charge to lawsuit against Psystar More top stories...

Despite steady Black Friday numbers, online shopping falls Can supercomputers help save the economy? Cool Stuff: Your 2008 Holiday Gift Guide

Deleting your digital past -- for good Can you erase your tracks online? We tried to get a few bad mentions off the Net forever. Here's how we did. Cool Stuff: Your 2008 Holiday Gift Guide We've got an array of economical, expensive, and just plain weird tech gifts for your friends and family. Review: BlackBerry Storm -- better for business than the iPhone? BlackBerry's Storm may be an iPhone wannabe, but it's a powerful smart phone that will be particularly attractive to business users. Thanks to gamers, the desktop supercomputer arrives Nvidia's Tesla Personal Supercomputer sports 960 cores, delivers almost 4 teraflops of performance and costs less than $9,995. Windows 7 Get the latest news, reviews and more about Microsoft's newest desktop operating system More Continuing Coverage Windows 7 Voting Technology Google's Chrome browser Economy in turmoil: Latest news and tips iPhone 3G Bill Gates moves on Windows Vista A to Z Mac A to Z 2008 Salary Survey Find wage data for 50 IT job titles. More Special Reports 2008 Premier 100 IT Leaders 2007 Premier 100 IT Leaders 2008 Best Places to Work in IT 2007 Best Places to Work in IT 2008 Salary Survey 2007 Salary Survey 2006 Salary Survey 2008 IT Forecast 2007 IT Forecast 40 Years of Computerworld Top 12 Green-IT Users The FAQs About Going Green IT Schools to Watch iPhone: One Year Later Global Mobile Your Next Data Center Management: Reinventing IT Stop Data Leaks Web 2.0 Security Surviving Disasters Managing Storage Virtualization The Lean Storage Machine Storage on Trial Can Web 2.0 Save BI? Bypass These BI Potholes All Zones Business Continuity Zone The File Data Management Zone Security Management Zone The SAS Zone Business Intelligence and Analytics Zone The Enterprise Search Zone Software as a Service Zone The Security Zone See your link here

Moving to Windows Vista: The Promise, The Reality Moving to Windows Vista: The Promise, The Reality View this exclusive webcast today! Go to the webcast  Computerworld Executive Bulletin: Building a Robust Antivirus Defense Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs. (Source: MessageLabs) Antivirus software alone isn't enough to prevent today's speedy, sophisticated virus attacks. Security managers should consider multitiered approaches that include behavior scanning, appliances that check e-mail for worms, and restricting user access to dangerous Web sites. Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs, to learn more. Download this executive briefing  Record Capacity for Microsoft? Exchange 2007 With VMware and IBM System x3850 M2 Download this white paper today! (Source: VMware) The more that e-mail becomes an entrenched IT infrastructure application, the more that messaging administrators face numerous--sometimes conflicting--demands in the categories of availability, flexibility and cost. Employing a virtual solution can help avoid expensive over-provisioning of server computing resources, while improving management and disaster recovery. And ultimately, it can more than double the number of supportable Exchange 2007 users, as compared to a non-virtualized environment. This whitepaper explains how to break down the scalability barrier and respond faster to your mail system needs. Download this white paper  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. Simplifying Enterprise File Management Brocade and the File Area Network - A Taneja Group Solution Profile Consolidating Branch-Office Infrastructure Optimizes Information Management and Protection - Yankee Group View more whitepapers

• Google Earth used by terrorists in India attacks
• Despite steady Black Friday numbers, online shopping falls
• Vista SP2 due next April, says report
• More top stories 

The Security Zone With the mobility of employees and the ease with which external devices can be brought in and out of a network, continuing to build your security plan for network servers and clients is a must. Fortunately, there is much that organizations can do to protect themselves from attacks - internal and external. Having the right policies, procedures and server configurations is critical... Learn more in The Security Zone See All Zones

Fired up about IT? Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT – the good, the bad, and the rest of the weird stuff you deal with every day. New baits

"Turning information into a Competitive Advantage" Companies today are realizing that competitive advantage is harder to sustain when based solely on gains in productivity and cost efficiency. The focus is shifting to invest more in business optimization initiatives which rely on trusted information to develop new insights that deliver better business results. But how can this be done efficiently in a business environment across multiple applications and processes. The answer is an Information Agenda - an innovative approach to transforming business information into a strategic asset for competitive advantage. View this webcast now!  See more Webcasts

Dan Tynan: Dear Firefox: Please forgive me She was the new girl in town for a while, but Google Chrome has lost her shine. Sorry Chrome: You've been swell, but I'm going back to my old flame, Firefox. ... [55 comments]