« Pre-created *Solaris... | Main | Did Sun really lose? »

20050817 Wednesday August 17, 2005

Attacking the virus problem

The latest virus causing computers to reboot is causing quite a bit of stir. I hear about it on the radio, TV and read about it online. The progress being made, unfortunately, isn't in prevention. The progress is in how it is reported. The reporting is less about emphasizing viruses as "computer viruses". No non-windows computer of mine has never had a virus. Ever. The reports are now getting more accurate by saying "computer viruses that affect Microsoft Windows", which is akin to saying "The artist formerly known as Prince". It is probably a trademark infringement to say "Windows Virus", but in effect it would be calling a spade a spade.

I don't want this post to be a bash Windows post. If the bad guys targed other OS's, there would no doubt be problems, but I have the (perhaps naive) believe that the effects wouldn't be as disastrous. For example, targeting my host with a similar virus wouldn't reboot the box, just log me out of my account. Perhaps it's just semantics.

I still have the belief that PC's in general are the *wrong* way to go [note: PC's != Windows], and I doubt I am alone. I'll keep pounding the thought that we should outsource the home adminstrator. I haven't been following the Web 2.0 discussion at all, but when I think of Web 2.0, I think of a web with security first and foremost. Every client has a certificate. Every server has a certificate. Email is safe. No spyware. No SPAM. OK, not entirely true, but there is some level of accountability. We have a thread to follow. If you want to be anonymous, back out to Web 1.0 and die a death by a thousand paper cuts. Support yourself, don't come to me.

Outsourcing the desktop PC and a secure web would solve are large array of problems. Why they heck isn't the industry moving in this direction whole-heartedly? Too much cost? Industry politics? Not enough pain? Denial? Control? Heck, SPAM, viruses & spyware is not control. Get over it. Is it because we value anonymity over viruses, SPAM and spyware? I suppose you get what you ask for, consequences and all.

(2005-08-17 07:55:00.0) Permalink Comments [4]

Trackback URL: http://blogs.sun.com/jclingan/entry/attacking_the_virus_problem
Comments:

much as i like the thin client model for the savings efforts (i'm installing yet another copy of Windows this week), there are just some problems it's not great at solving - and are must haves for many computer users. iPod, digital camera, etc. there just isn't a good way to satisfy those folks with a thin client model. in the enterprise, it's the mobility factor, which actually is more addressable than the iPod factor.

Posted by stephen ogrady on August 17, 2005 at 10:08 AM PDT #

I agree that this is true *today*. However, these are problems that can be (easily) solved with R&D if consumers asked for it and the industry built it. The industry could move in that direction.

Thin client, IMHO, supports the mobility factor. The thin client is just a window into the backend. In fact, if the infastructure were built to thin clients, users would be more mobile than if they had laptops (IMHO). The tadpole comet is an abstract example. It's not a generic solution today, but moving in that direction is a good thing. It's probably not a good arcade gaming solution, but that's what Xbox and PS2 are for (IMHO).

Posted by John Clingan on August 17, 2005 at 10:30 AM PDT #

After reviewing over 1,000 "incident" reports on the icat database I can say with near certainty that there is a critical difference between attacks on windows and attacks on Unix. The difference is this: Unix attacks almost always start with some form of legal access and seek to upgrade permission levels "illegally." Windows attacks almost always assume only network access to the target machine. Of course if you have legal access to a windows machine you own it - but the difference goes much deeper than that. My fundamental conclusion (see http://www.winface.com/insider.html for august 4/04 for published comments) is that windows attacks and unix attacks are drawn from different populations - i.e. popularity is not the driving factor, ease is.

Posted by Paul Murphy on August 17, 2005 at 11:17 AM PDT #

John, even if hackers started to target Unix, they wouldn't EVER be as sucessfull.
ANY Unix system is much more controlable than any windows. Just checking the error messages in a windows system is a hell where you have to click on each message you want to see. Compare that with cat, grep and awk and the power of observability.
You didn't wanted to make this a Windows bashing post, I can understand that but, objectivelly, windows simply isn't in the same league (at least where security is concerned) than the worst Unix out there.

Posted by Jaime Cardoso on August 17, 2005 at 11:50 AM PDT #

Post a Comment:

Name:
E-Mail:
URL:

Your Comment:

HTML Syntax: NOT allowed