Microsoft Outlook versus "real" Security TCO
The Washington Post has reported on a new virus targeting eBay users. What I find interesting in the description is that it is an example of the general media finally becoming aware that not all viruses infect all computer systems. Here's the quote, with my emphasis:
EBay users are being targeted by a new computer virus called Cayam that asks recipients for credit and personal information, security-software maker Network Associates said. The program affects computers running Microsoft Windows and Outlook. The worm tries to get user information by sending a fake eBay e-mail that says billing information is out of date.
Eric S. Raymond, President of the Open Source Initiative and all-around OSS proponent, has spoken about how OSS understands security. He made the following remarks while speaking to a group of Prudential Securities investors. I've copied a few paragraphs, because they are a clear explanation of why security that rests on keys (the model behind PKI and code signing) is real security, and why reliance on keeping the algorithm obscure just isn't sufficient.
And closed-source software has a very high intrinsic vulnerability to security problems. Why is that? Well, now I'll get into the causal explanation. More than 100 years ago there was a Dutch military cryptographer named Kerckhoffs. Before computers, before electronics even, he studied military cryptographic systems back in the day when that meant signal towers and mirrors and stuff like that. And what he noticed was that in order for any crypto system, any code system, to be really secure, it had to depend only on the secrecy of its keys, not the secrecy of its methods. That is, relying for your security system on the implementation method, on the code as it were, being secret is a short route to disaster.
The Germans found this out in World War II. They had a top-level military and diplomatic cipher called Enigma, and they relied for the security of Enigma on the fact that nobody knew how the machine that did the Enigma encryption was constructed. Well, the Allies were able to read their codes because they were able to use some patterns in the traffic, repetitive headers in military radio messages, to slowly deduce the construction of the machine. And once they were able to do that, they were able to crack the codes and read them pretty much at will.
The same lesson actually applies to software. If you rely on the secrecy of your code as opposed to the secrecy of your passwords, what happens is the normal operation of code leaks information about its internals, even if the bad guys aren't smart enough to get their hands on a copy of the source code, which they often are. The normal operation of code leaks information about its internals. Eventually you can reconstruct enough about what's going on inside to crack it.
What's great about open source is that it forces people implementing security systems not to take the bogus path — the doomed path — of relying on the secrecy of the code. And that's why open source is more secure than closed source because, in effect, it forces people to do the right thing, which is to rely only on the security of the keys.
When I have the opportunity, I explain why IBM/Lotus Domino has no viruses. Every piece of code carries a cryptographic signature that establishes its author, and the system decides whose code is trusted to run and whose is not. So, in reference to my earlier blog post on TCO, why aren't the downtime and expense of virus containment figured into these cost models?
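To make the contrast concrete, here is a small Go program, added to this post and not taken from ESR, IBM/Lotus or the original article, that puts the two approaches side by side: a signed-code model in the spirit of the Domino trust list described above, where only public keys live in the verifier, and a "secret method" integrity check of the kind ESR calls the doomed path. It assumes Ed25519 signatures (Domino's actual signing scheme is not described here), and the author names "alice" and "mallory", the trust list and the sample "code" strings are all constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SignedCode is a script bundled with its claimed author and an Ed25519
// signature over the code bytes. The verification method is public; the only
// secret is the author's private key, which is Kerckhoffs's rule applied to code.
type SignedCode struct {
	Author string
	Code   []byte
	Sig    []byte
}

// TrustList is the site's list of authors whose code may run. It holds only
// public keys, so an attacker who reads it still cannot forge a signature.
type TrustList map[string]ed25519.PublicKey

// Sign builds the bundle an author ships with their code.
func Sign(author string, priv ed25519.PrivateKey, code []byte) SignedCode {
	return SignedCode{Author: author, Code: code, Sig: ed25519.Sign(priv, code)}
}

// MayRun admits code only if the claimed author is on the trust list and the
// signature verifies under that author's public key.
func (t TrustList) MayRun(sc SignedCode) (bool, string) {
	pub, ok := t[sc.Author]
	if !ok {
		return false, "author not on trust list"
	}
	if !ed25519.Verify(pub, sc.Code, sc.Sig) {
		return false, "signature does not verify"
	}
	return true, "ok"
}

// obscureSalt is the hidden ingredient of a homegrown checksum. Every verifier
// must embed it to check tags, so it leaks with the verifier itself.
const obscureSalt = "keep-this-method-secret"

// obscureTag is the "secret method": a salted SHA-256 over the code.
func obscureTag(code []byte) []byte {
	h := sha256.Sum256(append([]byte(obscureSalt), code...))
	return h[:]
}

// ObscureCheck accepts any code whose tag was produced by the secret method.
func ObscureCheck(code, tag []byte) bool {
	return bytes.Equal(obscureTag(code), tag)
}

// Outcome records what each verifier accepted in Scenario.
type Outcome struct {
	GenuineAccepted      bool // Alice's untouched, signed code
	TamperedAccepted     bool // Alice's bundle with the code swapped in transit
	ImpostorAccepted     bool // Mallory signs with her own key but claims "alice"
	UnlistedAccepted     bool // Mallory signs honestly as "mallory", who is not listed
	ObscureForgeAccepted bool // Mallory, having read the verifier, forges a tag
}

// Scenario runs the same attacker against both schemes. Names, keys and the
// sample "code" strings are constructed for this example.
func Scenario() (Outcome, error) {
	alicePub, alicePriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	_, malloryPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	trust := TrustList{"alice": alicePub}
	genuine := []byte("send-status-report --to ops")   // constructed benign code
	malicious := []byte("mail-everyone --attach self") // constructed worm payload

	var o Outcome
	o.GenuineAccepted, _ = trust.MayRun(Sign("alice", alicePriv, genuine))

	tampered := Sign("alice", alicePriv, genuine)
	tampered.Code = malicious // signature still covers the original bytes
	o.TamperedAccepted, _ = trust.MayRun(tampered)

	o.ImpostorAccepted, _ = trust.MayRun(Sign("alice", malloryPriv, malicious))
	o.UnlistedAccepted, _ = trust.MayRun(Sign("mallory", malloryPriv, malicious))

	// Mallory has a copy of the verifier, hence obscureSalt, hence a valid tag.
	o.ObscureForgeAccepted = ObscureCheck(malicious, obscureTag(malicious))
	return o, nil
}

func main() {
	o, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", o)
}
```

The point of the pairing: handing an attacker a copy of the signature verifier (trust list included) gives them nothing, because it holds only public keys; handing them a copy of the checksum verifier gives them the whole method, so they can tag any payload they like. Only the first design survives ESR's observation that a deployed system leaks its own internals.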