Comments from Frankston, Reed, and Friends

Wednesday, August 20, 2003

BobF at 1:53 PM:

Viruses, Trust and Complacency

I'm writing this in response to news stories that cite "expert" advice saying that the only way to respond to the latest viruses and other dangers of computing is to cower behind the castle walls.

I can't help but think of the French before World War II feeling safe and complacent behind the Maginot Line. The most dangerous attacks are human factor attacks such as email from a trusted friend telling you to run a program to protect yourself from a virus.

What makes this problem worse is that because the firewall gives the illusion of security it takes only one naive user on a corporate (or other) network to bring down the entire network. Without a firewall each machine would have to be responsible for its own security and compromised systems won't automatically propagate problems to the entire network.

But what does a computer firewall do? It blocks messages between machines. MSBlaster uses the "DCOM" port which is fundamental to computers working together -- if you block that port programs like Exchange can't work. The "solution" is to move all the remote calls to the same port used by the web so you can't distinguish between web activity and a remote call. All that does is up the ante so that you will have to block all web use in order to "protect" the computers.

What's worse is that in order to get any work done we must find ways to create passages through the firewall. The VPN (Virtual Private Network) allows people to "safely" connect their home computer to the corporate network. In reality it is a mechanism for defeating the firewall in order to get work done but it means that the kid (of any age) running a malicious screen saver has entrée to the entire corporate network. One can ban people from working outside the corporate offices but that doesn't help because that same screen saver works fine in the office too. There is also a heavy cost in limiting the ability for people to do work.

Fundamental to the problem is a tragically naive model of trust -- one that says you either trust people (and software) or you don't and if you trust them you give them full and unfettered access to all of your computer and information and data. Instead of "trust and verify", it's "blind trust". The most important feature of the early web browser was the lack of naive trust -- it expected the site you were viewing to be badly formed and even malicious but at least it was simple and you could understand the HTML so the browser could indeed verify the text. Not only did this protect you but it allowed others to learn by doing -- you could take responsibility for protecting yourself while we could all experiment and innovate and create the economic value that we still enjoy even "post-bubble".

Putting a bigger wall around a computer while still being naively trusting only creates a compelling opportunity for exploiting trust and until we have the ability to run buggy and malicious software without undue harm we will see increasing fear of using computers and that would be the real tragedy.

People also have to become literate -- the viruses are an automated version of the old cons but most people don't have the computer equivalent of "street smarts". The firewall may indeed provide some protection against outsiders but makes one as vulnerable as the most naive fellow citizen or employee.

Unfortunately because machines are so vulnerable there is some value in blocking some of the traffic temporarily but we must recognize the price we pay in terms of productivity and complacency and failing to address the root problem of having to trust but being unable to verify.

PS: While I do use the term "firewall", it's not really the proper term for perimeter defenses like the Maginot Line and castle walls. We have a firewall in our cars which protects the driver in case the engine catches on fire. It's a backup line of defense in case one of our own systems fails. It isn't there to prevent us from using the engine to move the car.

© Copyright 2002-2008 by Daniel Bricklin, Bob Frankston, and David P. Reed
All Rights Reserved.