Incompetent Security

Every day, sometimes twice, Microsoft sends me new software and software tables to patch its vulnerabilities in Windows to security threats such as viruses. Imagine if your burglar alarm company had to send a man out twice a day to fiddle with your security system to patch newly discovered holes in it. That very fiddling in itself is a massive security hole.

The essential problem is Windows, the Internet, email, the computers in automobiles, even the CPU (Central Processing Unit) chips were originally designed without any concern whatsoever for security, then, ever since, the designers have been cooking up kludges (bailing wire solutions), to patch the latest problem.

woodpecker

What we are doing now could be compared to trying to make an outhouse resistant to an atomic bomb without changing any of the original structure and insisting on leaving the original holes for a good view and ventilation.

As Gerald Weinburg put it, If builders built buildings the way programmers write programs, then the first woodpecker that came along would destroy civilization.

I have been ranting about this since the early 1980s. What is needed is so drastic, that everyone blanches at the thought, but the longer we wait, the more expensive the cure will be. Homo procrastinatus will wait until a terrorist attack completely shuts down Western civilisation before getting on with it. We need a complete redesign of our computer systems including the computers, the CPUs (Central Processing Units), the operating systems, the Internet, email, how electronic funds are exchanged… I have been writing essays and posts for many years on how to do it. Fixing the problem has always been within our technological grasp, but is too disruptive and costly to consider. Further, companies like Symantec-Norton make their living providing temporary fixes to the ineptness of the basic design. If they ever succeeded in permanently plugging the holes, they would go out of business. Private enterprise can’t tackle such a huge project.

We will probably wait until AI (Artificial Intelligence) is smart enough to do the job for us, including the difficult job of selling people on giving up their primitive systems.

The new world will be totally different. No viruses, no spam, no Trojan horses, no spying, no installing software, no passwords, no id cards, no keys (though there will still be locks), no logging on, no spoofing, no electronic vulnerability of the power grid, the defence grid, the banking system… Put simply, computers will simply work reliably the way you would expect them too. The security will be built-in and transparent. You will not even notice it working.

~ Roedy (1948-02-04 age:70)