Truth About Computer Security Hysteria
Gates lost — because I didn't file an amicus curiae
Rob Rosenberger, Vmyths co-founderWednesday, 17 November 1999
I FINALLY DIGESTED judge Jackson's Microsoft Trial Findings of Fact. Three excerpts stand out from a computer security perspective, so let's tackle them in order. First up:
[para #174] Microsoft has unjustifiably jeopardized the stability and security of the operating system... [They] made it easier for malicious viruses that penetrate the system via Internet Explorer to infect non-browsing parts of the system.
| You can't blame an individual element like Microsoft for a common threat posed by the Internet. It's like blaming one cloud for the threat of a hurricane. |
Java or Linux or whatever comes next will give us even more homogeneity, which in turn will foreshadow greater common threats. What difference does it make if Microsoft paved the way a little bit? You can't blame an individual element for a common threat, folks — it's like blaming one cloud for the threat of a hurricane.
Let's move on. Judge Jackson chimed in with an interesting "fact" about consumer-driven security desires:
[para #197] Consumers recognize that the Web contains ... viruses that are capable of causing devastating and irreversible harm to their security and privacy interests. Accordingly, consumers prefer, and benefit from, innovations in Web browser technology that help them identify and avoid harmful Web resources.Consumers want innovative security in non-security products? His Honor overlooks reality. GartnerGroup, for example, recommends clients avoid innovation even in genuine security products. A PC Magazine reviewer said basically the same thing earlier this year. I could bore judge Jackson to tears with anecdotes like this. When it comes to security, users react like those sheep in the movie "Babe." Fear drives sales, not innovation.
Symantec, Network Associates, and other antivirus firms know what consumers want in a product. They want to see great-looking boxes on store shelves! Software marketing teams (I didn't say "antivirus marketing teams") do everything they can to attract your eye as you walk through the aisles. Judge Jackson should go to Best Buy, pick up a useless cardboard container of antivirus software, and study it.
| Bill, Bill, Bill. Did your lawyers offer these counter-arguments? If I need to file a "friend of the court" brief, just let me know... |
(Yeah, like I should talk about innovation. I still run DOS & Win31 on my personal systems. In my defense, I don't lose sleep about computer security — and I've used "innovative" products from Command Software, Stiller Research, FoundationWare, and some other firms you never heard of.)
Okay, let's continue:
[para #198] Far from demonstrating that Internet Explorer is currently a "best of breed" Web browser, the evidence reveals Microsoft's awareness of the need for continuous improvement of its products. For example, Microsoft frequently releases "patches" to address security and privacy vulnerabilities in Internet Explorer as they are discovered. In sum, there is no indication that Microsoft is destined to provide a "best of breed" Web browser that makes continuing, competitively driven innovations unproductive.Again, I fail to see how judge Jackson's argument leads to this conclusion. His Honor implies a best-of-breed product needs little improvement, and he further implies a best-of-breed product needs little security tweaking. Bah! All major products undergo constant improvement, folks. All major products contain security flaws.
| Computer security experts don't recommend daily updates for Internet Explorer, Your Honor... |
By His Honor's logic, no security product can call itself a "best of breed." They constantly undergo improvement, they require numerous updates, and they need security patches.
Man, I hope Gates didn't lose this round because I failed to submit an amicus curiae. Did Microsoft's lawyers present these counter-arguments to the court?