Musings from Mars

Articles In Category

August 15th, 2012

Utility Lock: Freeware Menubar Utility Provides Screen Locking with a Keystroke

June 4th, 2010

Google Ditching Windows?

December 9th, 2008

Virtually Every Windows PC at Risk from Malware

March 28th, 2008

Mac Hack Makes for Good Headlines, But…

March 25th, 2008

Microsoft admits it knew about, didn’t patch, bugs

February 4th, 2007

Sandbox: A Free GUI for Managing Mac OS X ACLs

February 3rd, 2007

Bill Gates Still Telling Hitler-Style Big Lies

February 1st, 2007

1Passwd: Unify Password Support Across All Browsers

November 17th, 2006

MacSlash | Why Are Macs More Secure?

October 11th, 2006

Apple, Microsoft and the War Mentality

September 24th, 2006

A Clear Explanation for Why Windows Is More Vulnerable To Malware Attack Than Mac OS X

September 24th, 2006

John Gruber on Apple’s New AirPort Security Update

September 24th, 2006

Macs Are Inherently Safer for Data Storage

September 15th, 2006

Fugu: An Award-Winning, Open Source Secure FTP Client

August 3rd, 2006

Cracked MacBook: Gleeful PC Zealots Once Again Try To Put Mac OS X Down

July 31st, 2006

Protecting Windows: How PC Malware Became A Way of Life

Waving the White Flag To the Windows Virus Plague

Ah, computer security training. Don’t you just love it? Doesn’t it make you feel secure to know that your alert IT department is on patrol against the evil malware that slinks in and takes the network down every now and then, giving you a free afternoon off? Look at all the resources those wise caretakers have activated to keep you safe!

  • Virulent antivirus software, which wakes up and takes over your PC several times a day (always, it seems, just at the moment when you actually needed to type something important).
  • Very expensive, enterprise-class desktop-management software that happily recommends to management when you need more RAM, when you’ve downloaded peer-to-peer software contrary to company rules, and when you replaced the antivirus software the company provides with a brand that’s a little easier on your CPU.
  • Silent, deadly, expensive, and nosy mail server software that reads your mail and removes files with suspicious-looking extensions, or with suspicious-looking subject lines like “I Love You”, while letting creepy-looking email with subject lines like “You didnt answer deniable antecedent” or “in beef gunk” get through.
  • Expensive new security personnel, who get to hire even more expensive security contractors, who go on intrusion-detection rampages once or twice a year, spend lots of money, gum up the network, and make recommendations for the company to spend even more money on security the next year.
  • Field trips to Redmond, Washington, to hear what Microsoft has to say for itself, returning with expensive new licenses for Groove and SharePoint Portal Server (why both? why either?), and other security-related software.
  • New daily meetings that let everyone involved in protecting the network sit and wring their hands while listening to news about the latest computing vulnerabilities that have been discovered.
  • And let’s not forget security training! My favorite! By all means, we need to educate the staff on the proper “code of conduct” for handling company information technology gear. Later in the article, I’ll tell you all about the interesting things I learned this year, which earned me an anonymous certificate for passing a new security test. Yay!

In fact, this article started out as a simple exposé on the somewhat insulting online training I just took. But one thought led to another, and soon I was ruminating on the Information Technology organization as a whole, and about the effectiveness and rationality of its response to the troublesome invasion of micro-cyberorganisms of the last 6 or 7 years.

Protecting the network

Who makes decisions about computer security for your organization? Chances are, it’s the same guys who set up your network and desktop computer to begin with. When the plague of computer viruses, worms, and other malware began in earnest, the first instinct of these security Tzars was understandable: Protect!
          Protect the investment…
                    Protect the users…
                              Protect the network!

And the plague itself, which still ravages our computer systems… was this an event that our wise IT leaders had foreseen? Had they been warning employees about the danger of email, the sanctity of passwords, and the evil of internet downloads prior to the first big virus that struck? If your company’s IT staff is anything like mine, I seriously doubt it. Like everyone else, the IT folks in charge of our computing systems at the office only started paying attention after a high-profile disaster or two. Prior to that, it was business as usual for the IT operations types: “Ignore it until you can’t do so anymore.” A vulgar translation of this “code of conduct” is often used instead: “If it ain’t broke, don’t fix it.”

Unfortunately, the IT Powers-That-Be never moved beyond their initial defensive response. They never actually tried to investigate and treat the underlying cause of the plague. No, after they had finished setting up a shield around the perimeter, investing in enterprise antivirus and spam software, and other easy measures, it’s doubtful that your IT department ever stepped back to ask one simple question: How much of the plague has to do with our reliance on Microsoft Windows? Would we be better off by switching to another platform?

It’s doubtful that the question ever crossed their minds, but even if someone did raise it, someone else was ready with an easy put-down or three:

  1. It’s only because Windows is on 95% of the world’s desktops.
  2. It’s only because there are so many more hackers now.
  3. And all the hackers attack Windows because it’s the biggest target.

At about this time in the Computer Virus Wars, the rallying cry of the typical IT shop transitioned from “Protect the network… users… etc.” to simply:
            Protect Windows!


July 14th, 2006

Sophos Expert Thinks Vista Won’t Be More Secure, Advises Switch to Mac

July 14th, 2006

No Less Than Symantec Confirms Superior Security Features of Mac OS X

July 5th, 2006

Sophos Advises Computer Users To Switch to Mac OS X

June 13th, 2006

ZDNet: Microsoft Presses the Stupid Button (Again… and Again… )
