This is a totally excellent article. Security has nothing to do with competition creating systems which are easier to fix. Definitely, the ability to choose systems where we control which components are active and can minimise our vulnerability footprint adds nothing.

What we need is a central computer planning committee. This would be a UN agency, funded by a new tax on VOIP and IPSEC traffic (0.1 euro in the Meg e.g.).

The head of this would come from Microsoft marketing. The would then mandate a standard computer configuration for everybody. All computers would have to have the same configuration and the same services turned on (for special security IIS and Internet Explorer would be mandated, for example) then there would only be one set of vulnerabilities worldwide.

Exceptions would be granted for special systems (e.g. Microsoft developer systems) but only with a personal signature from Bill Gates.

Even better, a clear definition of vulnerability could be had (this has always been a problem in computer science). A vulnerability is a system which behaves differently from the standard system when subject to attack. Since almost eveybody would have the same configuration, almost noone would have a vulnerability.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/190/23091#23091