Feeds

‘The clueless users who refuse to upgrade’

Faith no more

  • alert
  • submit to reddit

Using blade systems to cut costs and sharpen efficiencies

Opinion Microsoft can end the scourge of e-mail viruses by ending its support for old software, and the clueless users who refuse to upgrade, writes SecurityFocus columnist Tim Mullen.

Well here we go again.

We are suffering through yet another email-borne virus (this one called Novarg) whose infection has reportedly trumped out all others in the infamous history of malicious computer code.

Was the vector some l337 0-day 'sploit? Nope. Was it a complex multi-layer program leveraging several unpatched vulnerabilities? Nope. It was -- wait for it -- an executable attachment in an email. What genius! The author of Novarg (or MyDoom, or whatever you want to call it) really put his noodle to the test when he cooked this one up, huh?

I would like to think that in this day and age people would know better than to open executables in an e-mail. I'd also like to be able to flap my arms and fly to the moon. Opening attachments in e-mail is one par with group needle-sharing after having unprotected sex in a Third World orgy. Yet, with an estimated 30 per cent [peak] of world-wide e-mail traffic being Novarg, it is clear that millions are willing to blindly point-and-click their way into infection while a tempest of white noise rages in the part of their brain where conscious thought should be.

When events like this occur, it really makes me question my faith in education as a means of mitigating security issues. As much as I want to believe that we can teach people about computer security, it looks as though it may be a pipe dream after all. A mere month after my "Resolutions" column called for patience and understanding in user training, I'm ready to throw in the towel. Looks like I was wrong.

Many will be quick to point out that it is Microsoft's "crappy code" that allows people to open attachments in the first place, but let's take a look at that: all "recent" Microsoft software does not, in fact, allow one to do so-- not easily, anyway. Outlook 2000's "e-mail security patch" was released almost four years ago. And though still officially supported, that product is three major versions in the past. Security years are like dog years, so this is like using a product made back in 1976.

The only thing in my house that was around in '76 is me, and possibly that pink fuzzy thing in my refrigerator.

So what is the solution when you have stupid people using old software? We can't really get rid of the stupid people, so I think it is time that the old software gets the boot. The problem is that Microsoft is still supporting these legacy clients.

Bill and Steve, I have utmost respect for you and your business knowledge, but it is time you kicked these people through the goal posts of life and score some points for your "real" costumers-- us.

All of the good light Microsoft is shining on security gets totally overcast when virus/worm outbreaks like this happen. And the people like me who faithfully spend time and money to follow in the upgrade path still suffer from the inaction of those who choose to stay behind.

Microsoft is making great strides toward product security, and I'm proud to be part of the movement. But now it is time to fully commit to security by stopping support for products that can't be secured. If clients are still using Windows 9x along with the associated legacy support software, it should be a pretty good indication that they are not really interested in paying for decent software security.

So stop being a co-dependant in their addiction to cheapness. Stop dating these people if you're not getting a kiss on the doorstep. Stop letting them use the bathroom in the same place where the rest of us have to eat.

Product support and security is not Social Security. The money I spend today should not be used to help those of the generation before when they don't want help or don't know they need it. I know that the repercussions of this would be far reaching, and I am not ignorant of the enormous undertaking it would be to pull it off, but I think the numbers speak for themselves.

"When" is now, and it is time we said it.

Copyright © 2004, 0

Timothy M. Mullen is CIO and Chief Software Architect for AnchorIS.Com, a developer of secure, enterprise-based accounting software. AnchorIS.Com also provides security consulting services for a variety of companies, including Microsoft Corporation.

The smart choice: opportunity from uncertainty

More from The Register

next story
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.