Technocrat.net: Risk, Risk Avoidance, “The Love Bug” and Microsoft

[ Thanks to Bruce
for this link. ]

“With the recent “Love Bug” attack there have been many people
calling for a serious re-examination of computing policy with
regards to Microsoft. This article is an examination of the issue
of increased risk without any accompanying business benefit and how
such an action normally is seen as a managerial act that incurs

“For a computer virus to function as a computer virus it needs
to have several criteria satisfied. The most important of these
criteria is that the virus must reside on a host computer with a
known configuration. That is, every virus is written to a
particular “target platform.” In the current environment, the
best target platform is an Intel-compatible PC running Microsoft
Windows or NT as the OS, Microsoft Exchange as the mail system, and
Microsoft Office as the document handling system.”

“…businesses can take steps to make their computing
environment more secure and less common. By replacing one or more
of the OS, the Mail System, or the document handling system with
non-Microsoft products, businesses can make it far less likely that
their computers will be adequate hosts for future viral attacks. To
truly mitigate the business risk associated with computer viruses,
serious consideration should be given to having no Microsoft
products on systems at all.”

“There is really a single point to this article: using all
Microsoft components on a computer system is a bad design choice.
The reason for this is that this combination, of all reasonable
combinations, provides an insecure system that is highly
susceptible to viral attacks. Such attacks are common and occur
with enough regularity and predictability that continuing to use
such a combination can, and perhaps should, be seen as an
intentional incurring of unnecessary business risk. At the very
least, the choice to use all Microsoft products is a choice to
substantially increase one’s total cost of ownership for no
increased benefit. At the worst, it is a managerial failure that
may incur legal liabilities.”

