Monday, April 12, 2004

Nightmare or regulation, your choice


By Mark Gibbs
Network World, 03/08/04

When does a product or service become so important to our culture that it becomes what you could call "cultural infrastructure"? By that I mean something that, if you removed it from our lives, would have serious financial and/or social consequences that would compromise the well-being of a significant number of people.

What is on my mind is the role of Windows in our culture. A couple of weeks ago at the RSA Conference, Microsoft revealed it is taking a new approach to computer security called "behavior blocking."

This actually isn't a new idea - Cisco and Network Associates use this concept today - but in Bill Gates' conference keynote address (something Gates usually turns into a marketing pitch) he said, "you can really think of this as taking the notion of secure by default to the next level."

Unfortunately, Gates offered no details of the technologies to be used or when they might appear. But the message is clear: Microsoft wants us to think that something is being done and that the company's Trustworthy Computing initiative hasn't stalled out.

But we can't wait for protection from all the threats that face us and we can't trust in hand-waving as a guarantee that we will have security in the future.

Just consider what would happen if a virus appeared tomorrow that capitalized on some obscure, hidden code in the Windows kernel that let it infect any machine it could connect to. Let's say that it could do so silently.

Now let's further suppose that at a set time the virus trashes every infected machine's registry or maybe deletes the host PC's file allocation table.

"Couldn't happen!" you say? How do you know it hasn't already happened and that the trigger date just hasn't been reached yet? What if that date is tomorrow? Or in 10 minutes?

Whatever this threat exactly is or whenever it might do it, we would have a catastrophe in the making. The scale of the problems this could cause would be staggering - booking systems down, point-of-sale systems dead, back-end systems offline - it would be a disaster of biblical proportions.

In the 1800s when the railroads were being developed, it wasn't obvious at first that they would become cultural infrastructure. The same applied to the telephone system and the gas and oil industries, the power supply industry and on and on.

But at some point we noticed that it was necessary for us to elevate these products and services to the status of cultural infrastructure and regulate them. We didn't take the businesses away from the owners of the railroads and the telephone systems as was done in Europe, but rather we created a regulatory structure that was supposed to ensure the integrity of the services for the benefit of the people.

Of course, politics and vested interests have made what was originally a philosophically and ethically sound idea look more like a fight for bargains at a post-Thanksgiving red-tag sale, but that is, unfortunately, the nature of politics.

Be that as it may, without such regulation, our society would be very different and less cohesive than it is today. This is because there is a very real limit to how much we can trust our fellow man to do the right thing.

Therein lies the problem with Windows. It has gone beyond being just a product and has evolved through its success into cultural infrastructure. And now it needs regulation.

While I, like you, dislike government interference in general, just think of what things would be like without regulation. Think telephone service is bad now? Deregulated telephone service probably would be a nightmare. A nightmare rather like the situation we could be in unless Microsoft gets security right or we take charge and make the software company get it right.
