Climate change


Some simple logic that is causing me to furrow my brow. Please, if you can refute one of my premises or dispute any of my conclusions then let me know.

Thinking about Microsoft Windows, Microsoft Internet Explorer and Microsoft Office:

(1) Security vulnerabilities continue to be found in these products today

(2) Forthcoming releases of these products are subject to the same patches as the current releases

THEREFORE (1+2)

(A) Unpatched vulnerabilities still exist in current and future versions of these products.

Now,

(3) Security patches, virus checkers and firewalls protect against known vulnerabilities

THEREFORE (A+3)

(B) We have no protection against an exploit of an unpatched vulnerability.

Furthermore,

(4) Microsoft Windows and Microsoft Office have around 100% market share on the corporate desktop

(5) Many people and organizations have a financial or political interest in attacking or threatening to attack wealthy corporations.

(6) Some of these organizations have substantial resources to mount a sophisticated attack

THEREFORE (B+4+5+6)

(C) There are organizations planning to attack the corporate desktop using an unpatched vulnerability for financial or political gain.

(D) There is considerable risk of a severely damaging attack

What is perplexing me is the unwillingness of any corporation I know to do something about this. I am talking about an attack that could threaten the viability of a major global corporation. Top headline on the evening news. Pundits talking domesday scenarios.

Some organizations have publicly announced moves to an open source desktop platform (Telstra, City of Munich etc.) but this has always been for cost reasons.

Why isn’t this the most talked about issue in IT? The only reason I can think of is the analogy with climate change:

(a) the threat increases slowly, and there is no natural trigger for action
(b) the cost of mitigating the threat is substantial
(c) the mitigation is not guaranteed to work
(d) the cost is incurred today and the benefit is gained tomorrow or the day after
(e) it is boring

I want to discuss this some more. Any contributions gratefully received.

Advertisements

8 Responses to “Climate change”


  1. 1 Lawrence September 14, 2006 at 11:44

    Well then in that case, I agree! Provided that the potential set up is valid, I’d just say it’s a simple equation. costOfDesktopDr

  2. 2 Dominic Sayers September 14, 2006 at 08:45

    I know that the risk capital set aside for dealing with this scenario is substantially more than a couple of million at at least one investment bank. You have to consider not only two or three days worth of the annual profits from the trading floor but also the positions that they cannot unwind, the loss of reputation and the regulatory breaches they would commit.

    The potential loss is several orders of magnitude bigger than you suggest.

  3. 3 Lawrence September 13, 2006 at 14:16

    Interesting idea. Obviously switching wholescale to a Linux (or whatever) desktop leaves you exposed to the same principle of problems (although the probability might be less). So would you need a ‘DR’ desktop/office suite to cover the whole company?

    Safety Critical Systems get all the focus when it comes to built in redundancy and defense, but really it’s all risk and finacial assessment. If a shuttle blows up it costs billions of dollars in lost equipment, trust and face (not to mention, you know, life). If an investment bank can’t trade for a day or two, you’re talking what, a couple of million?

  4. 4 Dominic Sayers September 12, 2006 at 16:14

    I haven’t read Fight Club but I guess I should based on your quote :-)

    Bear in mind that all previous outbreaks that affected large corporates began at the weekend and had no destructive payload. I strongly believe that an exploit carrying a destructive payload and released during business hours would have done serious damage before anybody could get a patch deployed. Slammer infected most of the world’s SQL Servers within about 10 minutes if I remember correctly.

    We manage the technology environment within a corporate business so that we remove heterogeneity. There are enough vulnerable common components, including Windows and Microsoft Office themselves, that a pandemic is highly likely.

    IMHO, of course.

  5. 5 Matt September 12, 2006 at 15:38

    I believe that there exist people both within and outside Microsoft who can come up with a patch that quickly, yes. Whether a behemoth like Micrsoft can distribute it that fast is a different matter. But so what if they can’t? We just go back to previous last good version of apps and last saved/backed up copies of files. It’s not a big deal. The technology environment has become so heterogeneous that any malicious virus could only affect a tiny part of it.

    The quote was just a joke – it’s part of Tyler Durden’s manifesto in Fight Club before he executes his plan to destroy the financial system.

  6. 6 dominicsayers September 12, 2006 at 14:51

    Matt – I think you’re talking about vulnerabilities for which a patch already exists. I’m talking about a vulnerability for which there is no current patch. You think Microsoft can write a patch, distribute it and you can deploy it all within a few hours?

    Where is the quote from? The Saxons had farmsteads within the city walls of Londinium.

  7. 7 Matt September 12, 2006 at 14:30

    “In the world I see you’re stalking elk through the damp canyon forests around the ruins of Rockefeller Center. You will wear leather clothes that last you the rest of your life. You will climb the wrist- thick kudzu vines that wrap the Sears Tower. You will see tiny figures pounding corn and laying-strips of venison on the empty car pool lane of the ruins of a superhighway.”

    But seriously … a Microsoft virus isn’t going to bring the corporate world crashing down. We’ve seen the effects of damaging viruses/worms and there’s some inconvenience for a few hours until patches are deployed and infected machines cleaned up. There’s far too much resilience built into systems and practices to cause catastrophic damage.

  8. 8 Eric Shafto September 11, 2006 at 19:12

    Trite and cynical but no less true for all that: You don’t get fired or sued for following industry best practice. Yes, a day-zero exploit has the potential to be devastating, and yes, the enterprise generally has few tools in place to mitigate the effects of such an attack.

    If a widespread, catastrophic attack were to take place, a few months later we’d be reading profiles of those courageous few IT managers that had the foresight to institute radical change and managed to survive the crisis unscathed.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s





%d bloggers like this: