A couple of weeks ago at the RSA Conference, Microsoft revealed it is taking a new approach to computer security called “behaviour blocking”.
This actually isn’t a new idea — Cisco Systems and Network Associates use this concept today — but in Bill Gates’ conference keynote address (something Gates usually turns into a marketing pitch) he said: “You can really think of this as taking the notion of secure by default to the next level.” Unfortunately, Gates offered no details of the technologies to be used or when they might appear.
But we can’t wait for protection from all the threats that face us. Just consider what would happen if a virus appeared tomorrow that capitalized on some obscure, hidden code in the Windows kernel that let it infect any machine it could connect to. Now let’s further suppose that at a set time the virus trashes every infected machine’s registry or maybe deletes the host PC’s file allocation table.
“Couldn’t happen!” you say? How do you know it hasn’t already happened and that the trigger date just hasn’t been reached yet? What if that date is tomorrow?
Whatever exactly this threat is and whenever it might strike, we would have a catastrophe in the making. The scale of the problems this could cause would be staggering — booking systems down, point-of-sale systems dead, back-end systems offline — it would be a disaster of biblical proportions.
In the 1800s when the railroads were being developed, it wasn’t obvious at first that they would become cultural infrastructure. The same applied to the telephone system and the gas and oil industries, the power supply industry and on and on. We noticed that it was necessary for us to elevate these products and services to the status of cultural infrastructure and regulate them. We created a regulatory structure to ensure the integrity of services for the benefit of the people.
Therein lies the problem with Windows. It has gone beyond being just a product and has evolved through its success into cultural infrastructure. And now it needs regulation.
While I, like you, dislike government interference in general, just think of what things would be like without regulation. Think telephone service is bad now? Deregulated telephone service probably would be a nightmare. A nightmare rather like the situation we could be in unless Microsoft gets security right or we take charge and make the software company get it right. Howls of protest or wild cheering to Sandra_Rossi@idg.com.au