Why Easy To Use Software Is Putting You At Risk
Can Easy To Use Software Also Be Secure?
----------------------------
Anyone who has been working with computers for a long time will have noticed that mainstream operating systems and applications have become easier to use over the years (supposedly). Tasks that used to be complex procedures and required an experienced professional can now be done at the push of a button. For instance, setting up an Active Directory domain in Windows 2000 or higher can now be done by a wizard, leading even the most novice technical person to believe they can "securely" set up the operating environment. This is actually quite far from the truth. Half the time this procedure fails because DNS does not configure properly or security permissions are relaxed because the end user cannot perform a specific function.
If It's Easy To Develop, Is It Also Secure?
--------------------------------------------------
One of the reasons why operating systems and applications "appear" to be easier to work with than they used to be is that developers have created procedures and reusable objects to take care of all the complex tasks for you. For instance, back in the old days when I started as a developer using assembly language and C/C++, I had to write pretty much all the code myself. Now everything is visually driven, with millions of lines of code already written for you. All you have to do is create the framework for your application, and the development environment and compiler add all the other complex stuff for you. Who wrote this other code? How can you be sure it is secure? Basically, you have no idea and there is no easy way to answer this question.
Secure Environments Don't Exist Well With Complexity
----------------------------
The reality is it may look easier on the surface but the complexity of the backend software can be incredible. And guess what, secure environments do not coexist well with complexity. This is one of the reasons there are so many opportunities for hackers, viruses, and malware to attack your computers. How many bugs are in the Microsoft Operating System? I can almost guarantee that no one really knows for sure, not even Microsoft developers. However, I can tell you that there are thousands, if not hundreds of thousands of bugs, holes, and security weaknesses in mainstream systems and applications just waiting to be uncovered and maliciously exploited.
How Reliable and Secure are Complex Systems?
----------------------------------------------------------
Let's draw a comparison between the world of software and security and that of the space program. Scientists at NASA have known for years that the space shuttle is one of the most complex systems in the world. It has miles of wiring, incredible mechanical functions, millions of lines of operating system and application code, failsafe systems to protect failsafe systems, and even more failsafe systems to protect other systems. Systems like the space shuttle need to perform consistently and cost effectively, and have a high Mean-Time-Between-Failure (MTBF).
All in all, the space shuttle has a good record. One thing it is not, though, is cost effective and consistent. Every time there is a launch, different issues crop up that cause delays. In a few circumstances, even the most basic components of this complex system, like "O" rings, have sadly resulted in a fatal outcome. Why are things like this missed? Are they just not on the radar screen because all the other complexities of the system demand so much attention? There are a million different variables, I'm sure. The fact is, NASA scientists know they need to work on developing less complex systems to achieve their objectives.
This same principle of reducing complexity to increase security and performance and to decrease failures really does apply to the world of computers and networking. Every time I hear associates of mine talk about incredibly complex systems they design for clients and how hard they were to implement, I cringe. How in the world are people supposed to cost effectively and reliably manage such things? In some cases it's almost impossible. Just ask any organization how many versions or different brands of intrusion detection systems they have been through. Ask them how many times they have had infections by viruses and malware because of poorly developed software or applications. Or ask if they have ever had a breach in security because the developer of a specific system was driven by ease of use and inadvertently put in place a piece of helpful code that was also helpful to a hacker.
Can I Write A Document Without A Potential Security Problem Please?
-----------------------------------------------
Just a few days ago I was thinking about something as simple as Microsoft Word. I use MS-Word all the time, every day in fact. Do you know how powerful this application really is? Microsoft Word can do all kinds of complex tasks like math, algorithms, graphing, trend analysis, crazy font and graphic effects, link to external data including databases, and execute web based functions.
Do you know what I use it for? To write documents. Nothing crazy or complex, at least most of the time. Wouldn't it be interesting if, when you first installed or configured Microsoft Word, there was an option for installing only a bare bones version of the core product? I mean, really stripped down so there was not much to it. You can do this to a degree, but all the shared application components are still there. Almost every computer I have compromised during security assessments has had MS-Word installed on it. I can't tell you how many times I have used this application's ability to do all kinds of complex tasks to compromise the system and other systems further. We'll leave the details of this for another article though.
Conclusion
----------
Here's the bottom line. The more complex systems get, typically in the name of ease of use for end users, the more the opportunity for failure, compromise, and infection increases. There are ways of making things easy to use, perform well, and provide a wide variety of functions and still decrease complexity and maintain security. It just takes a little longer to develop and more thought about security. You might think that a large part of the blame for complex insecure software should fall on the shoulders of the developers. But the reality is it is us, the end users and consumers, who are partially to blame. We want software that is bigger, faster, can do just about everything, and we want it fast. We don't have time to wait for it to be developed in a secure manner, do we?
You may reprint or publish this article free of charge as long as the bylines are included.
Original URL (The Web version of the article)
------------
http://www.defendingthenet.com/NewsLetters/WhyEasyToUseSoftwareIsPuttingYouAtRisk.htm
Article Source: http://www.articles32.com
About The Author
----------------
Darren Miller is an Information Security Consultant with over seventeen years' experience. He has written many technology & security articles, some of which have been published in nationally circulated magazines & periodicals. If you would like to contact Darren you can e-mail him at Darren.Miller@defendingthenet.com. If you would like to know more about computer security please visit us at www.defendingthenet.com.