At 09:58 AM 7/20/2001 +0100, Peter Crowther wrote:
>> Perhaps I am just a crank, but I advise anyone who asks to
>> not use IIS, not use Outlook, and not use Word or Excel to
>> exchange documents, because the security risks (both
>> incoming, in the form of buffer-overrun attacks and
>> VB viruses, and outgoing, in the form of leaked information
>> in my documents) are too high.
>
>Presumably you also advise them to avoid Firewall-1, Oracle, Lotus Domino,
>Eudora, PGP and Cisco routers?  Oh, and any UNIX that uses NFS.

Nobody has asked me about using Firewall-1, Oracle, or Lotus
Domino, nor do I have much experience with them.  Eudora and
PGP don't show up as much in the CERT advisories as the MS
products, so I assume that they are either more reliable,
less attacked, or both.  The one recent (last year or so) hole
that I know of in Eudora was easily patched, and is fixed
in versions of Eudora shipped since then.

For small routers, we currently use Linksys and WinRoute;
I don't know that they are especially secure, but I have not
seen any CERT advisories mentioning them.  They may simply be
different enough that they have not yet been targeted.

Just for reference, see:

http://www.kb.cert.org/vuls/bymetric?open

I think that it's really appalling that there are this
many problems, that they are this severe, and that so
many of them are trivially avoidable (by sensible choice of
programming language, for instance -- Squeak would qualify,
since it should not be vulnerable to buffer overruns).

So, basically, I don't think that the net (or at least,
the nodes attached to it) are really ready for prime-time.
I wouldn't want my medical information sent over the net
(nor does my brother, who manages machines and networks for
a medical school, nor does my kids' doctor), and I sure
don't want our financial infrastructure to depend on the
net (we had a mutually enlightening conversation
with one of my employer's investors about what sort of a
net-catastrophe could be caused by a motivated attacker,
and what that would mean to the running of the country).

The thing to remember is that this is not simple, statistical
risk/reward -- as long as their are actual adversaries (e.g.,
terrorists, nuts, "rogue nations") the greater our reward
from using the net, the greater the risk, because the net
will become that much more attractive a target.  I wish it
were ready for serious use, but it is not.  Till then, whenever
I hear talk of a "cool plug-in" (and Squeak would be --
I have played with it some) I want that plug-in to make things
better (from a security pount of view), not worse.

>But everyone makes risk/reward analyses many times a day

Most of the people making these risk/reward analyses are
not well-informed.  It's not a matter of "they disagree with
me, therefore they must not be well-informed" -- rather, if
I ask them specific "did you know ..." questions, they do not
know, and when I explain it, they are unamused.  My wife
wrote a teaching case with "names changed" in it using Word, and was
not even a little bit happy when she discovered that the original
names were still visible when she emailed it and opened it.

David Chase