ShowMeLinux.com: MS Security & Hacking... A More Informed Community, or More Bars on the Windows?Dec 05, 2000, 18:56 (2 Talkback[s])
(Other stories by Derek Jamensky)
[ Thanks to Derek Jamensky for this link. ]
"Lesson learned in elementary school: The quickest way to make anybody suspicious of you is to tell them that you are keeping a secret from them. Apparently, this simple lesson is lost upon the commanders and demagogues at Microsoft. They maintain that secrecy is the answer to greater security, which just also happens to contribute to their fiscal bottom line. In light of the recent break-ins at Microsoft's HQ, let's examine this a little further."
"Along with the inevitable drive for ever-higher corporate profit, a misguided sense of what security is drives proprietary software development and the secrecy practices of large software corporations. Microsoft assumes that the less you know about their products, the better. This ignorance helps them to maintain their market dominance, as they try to muddle the public's brains with the argument that secrecy is good for security. If it' s not public knowledge, then anybody who knows about it should be working for Microsoft. And you can trust them, right? Microsoft technicians have their back doors to potentially every Windows system on the planet, and we are supposed to trust that they use this knowledge in accordance with the law and certain ethical standards -- which we generously assume every time we install Windows into a network."
"The recent Microsoft cracks should do two things (at least). First, they will further erode Microsoft's credibility in the security department -- if they can't secure their own networks, then why should anybody believe their claims about security at all? The other thing the hacks should illustrate is the flaw of closed-sourced model of software development. It's nice to keep secrets because it makes you more profits, but it also makes you a target, and it makes everyone less secure in the end. There's safety in numbers, not secrecy."
0 Talkback[s] (click to add your comment)