Career Opportunities

The High-Tech Career Handbook

A weekly ComputorEdge Column by Douglas E. Welch

High-tech workers have responsibility to question security flaws

August 20, 2004

Discuss High Tech Careers

We all know about the numerous security holes of Microsoft Windows and its associated programs, such as Internet Explorer. We all know inherently that relying on any one company or technology leaves us vulnerable to large scale attacks. Still many of us, as high-tech workers and consultants, continue to use and promote these products in our work. At what point does our reluctance to change turn into culpability?. If we know these products to be flawed, why aren't we searching for better alternatives? Are we really doing the best work for our clients or are we simply trying to make it easier on ourselves?


Nothing is 100% secure


The truth is, Windows isn't the only security problem on the block. Router firmware allows crackers to alter settings and remotely control denial-of-service attacks against others. Email software allows the propagation of viruses and SPAM. Within a few months we might even be experiencing viruses and worms that infect our cell phones. Still, some security is better than none at all and, at last, some manufacturers are finally addressing security as a major concern.


For me, the best security and reliability come from a diverse computing environment. Instead of standardizing on Windows XP with Internet Explorer, why not introduce a few Macs here, a few Linux boxes here. Why not give your clients an opportunity to use Firefox or other web browsers? In this way, one virus, one worm, one attack will not put all your computing resources out of business. Diversity such as this, combined with vigilant security practices on the part of both manufactures and users, can yield a robust computing environment that is resistant to problems.


Holding everyone responsible


There is another good reason to have software and hardware alternatives in your stable of computer systems. The best way to demonstrate your concerns about software security is to cease using a product until security issues are resolved to your satisfaction. "Voting with the pocketbook", when combined with complaints via phone or mail, is one of the best ways to make your concerns known. The truth is, if user concerns don't effect a company's bottom line, they will not dedicate the time and energy needed to secure their systems. If you want to change, you have to lay the groundwork on your end, so that you have the freedom to switch whenever a vendor is not serving your needs.


So, what does this mean to manufacturers? This means that we, as purchasers and users require that exploits be fixed in days, not weeks or months. We should require immediate notice of security issues and be provided with immediate work-arounds until a fix is available. We should expect that security will be an integral part of every software or hardware project. Further, security issues should be part of the very fiber of the product. It should be a consideration from the initial proposal to the final product. Manufacturers who fail to deliver on these goals will find their market share diminished and their profitability effected in ways they can only imagine today.


The power to hold companies directly responsible for their products is in our hands today. We only need to the forethought and the courage to see the path. When we take the time and energy necessary to protect our systems and set reasonable security guidelines for the products we purchase, it will benefit everyone.


The future


As security becomes more and more an issue in our purchasing decisions, manufacturers will continue to improve. We owe it to ourselves, and our clients, to push these issues as far as possible. While 100% security is probably a pipe dream, systems which are secure should be the norm, not the exception. The era of "security as a second thought" is gone. We no longer have the luxury of ignoring security issues, if we were ever able to truly ignore them in the past. It is up to us, the high-tech workers who make everything happen for our clients, to clearly state our goals and our needs. Then we must push manufacturers to deliver on those needs in a meaningful fashion. Otherwise, we should vote with our pocketbooks and look elsewhere for our high-tech solutions.

Get your copy today!

Now Available from CafePress.com