Technocrat.net: Risk, Risk Avoidance, ``The Love Bug'' and MicrosoftMay 18, 2000, 18:13 (3 Talkback[s])
(Other stories by David Wagle)
[ Thanks to Bruce Perens for this link. ]
"With the recent "Love Bug" attack there have been many people calling for a serious re-examination of computing policy with regards to Microsoft. This article is an examination of the issue of increased risk without any accompaning business benefit and how such an action normally is seen as a managerial act that icurrs liability."
"For a computer virus to function as a computer virus it needs to have several criteria satisfied. The most important of these criteria is that the virus must reside on a host computer with a known configuration. That is, every virus is written to a particular ``target platform.'' In the current environment, the best target platform is an Intel-compatible PC running Microsoft Windows or NT as the OS, Microsoft Exchange as the mail system, and Microsoft Office as the document handling system."
"...businesses can take steps to make their computing environment more secure and less common. By replacing one or more of the OS, the Mail System , or the document handling system with non-Microsoft products, businesses can make it far less likely that their computers will be adequate hosts for future viral attacks. To truly mitigate the business risk associated with computer viruses, serious consideration should be given to having no Microsoft products on systems at all."
"There is really a single point to this article: using all Microsoft components on a computer system is a bad design choice. The reason for this is that this combination, of all reasonable combinations, provides an insecure system that is highly susceptible to viral attacks. Such attacks are common and occur with enough regularity and predictability that continuing to use such a combination can, and perhaps should, be seen as an intentional incurring of unnecessary business risk. At the very least, the choice to use all Microsoft products is a choice to substantially increase one's total cost of ownership for no increased benefit. At the worst, it is a managerial failure that may incur legal liabilities."
0 Talkback[s] (click to add your comment)