Interview with Dan Kaminsky on Microsoft's security, 2005-07-20
Story continued from Page 2
You made an example with cars. As far as I know cars manufacturers need to create safe products, test them, obtain certifications, and then they are still held responsible for structural problems (if the engine blows up, for example). Do you think that software companies should be responsible when something blows up in their products? Or maybe they shouldn't because the problem is not the bug, but the guy who exploits it?
Are cars 100% safe?
Not at all.
Approximately 42,000 people die every year in the United States from car accidents, and that's without organized crime groups throwing down spike strips on the interstate. Tell car companies they're to meet a zero-death standard, even with the spikes -- and they'll either laugh or run screaming. Either way, they won't meet the standard.
Look. There's a real difference between "cars shouldn't blow up when tapped lightly on the rear bumper" and "cars shouldn't blow up, no matter what". The former is a tractable engineering problem, the latter isn't. Eventually, as a society we need to decide whether or not the benefit of driving is worth the 42,000 lives lost directly to it. (Of course, how many lives are saved by ambulances racing to the hospital within the golden hour?) Similarly, we need to decide as a society if the benefits received from having PCs on an international network exceeds the risks therein. Once we make that call -- obvious, in both cases -- the question becomes how we mitigate the inherent risks of what we're doing. The answer amongst vehicles is that we demand that under reasonable operating conditions, nobody should get hurt. (Thus the mad rush to assign blame when something goes wrong -- it must be found who violated the conditionals, who drove too fast, who drank too much, who followed too close, etc. Note, this creates definitions for too fast, too drunk, etc). We do similar things to networks -- specify antivirus, recommend firewalls, etc. But we can't even stop 42,000 people from dying; certainly we can't stop all hacks anywhere.
But if everyone who got in a car died, there wouldn't be any cars. Most people who go online need to be able to stay secure, such that the few exceptions can be specifically investigated and repaired after the fact. The 90% spyware infection rate is actually Microsoft's greatest threat, because it really does argue for -- boot off Knoppix and every day have a fresh, working machine, instead of "It works today, it might work tommorow".
