Computer security: The feds lead the way

Posted by: Stephen Wildstrom on April 16, 2007

The federal government is finally using its vast purchasing clout to do something about the leaky security of Microsoft Windows. The Office of Management & Budget has decreed that all new systems purchased by federal agencies must use a secure configuration of Windows designed by Microsoft in cooperation with the National Security Agency.

But that’s only the beginning. One thing that has stopped enterprises from using Windows securely is that many programs won’t work properly when the systems are secured. To make sure that doesn’t happen, OMB is also requiring all software and hardware vendors to certify that their products will work properly with the secure configuration.

Corporations should keep a close watch on how this effort progresses. It should show them the way to much safer configuration of their own systems.

TrackBack URL for this entry: http://blogs.businessweek.com/mt/mt-tb.cgi/

Reader Comments

Randy Abrams

April 18, 2007 02:07 PM

It has often been said that the government should be run like a business. There are lots of reasons why that might not be true, however the feds are doing better than most businesses with the requirement that businesses certify their products to work on a securely configured Windows installation.

A big part of the computer security problem has been with lax operating system configuration. Part of the problem is that Microsoft designs Windows to hide viruses by default. The default hide extensions and certain files has long been known by security experts to be the wrong thing to do. Microsoft only bears a portion of the blame though. Many software developers never design their software to run in a restricted user context. There is no good reason for a game to require administrative rights to run. There is no good reason for iTunes to prompt users to turn on autorun without explaining the security risks associated with the auto-infect feature.

Software developers have had little motivation to write software with the capability of customers running in a secure fashion. Consumers, by and large, are not security savvy enough to vote with their dollars on these issues and corporate IT managers have lacked the support of management required to vote with their dollars.

Perhaps it is time for corporation to run more like a government -- At least in their software security purchasing decisions.

Randy Abrams
Director of Technical Education
ESET LLC

Post a comment

 

About

BusinessWeek writers Peter Burrows, Cliff Edwards, Olga Kharif, Aaron Ricadela, Douglas MacMillan, and Spencer Ante dig behind the headlines to analyze what’s really happening throughout the world of technology. One of the first mainstream media tech blogs, Tech Beat covers everything from tech bellwethers like Apple, Google, and Intel and emerging new leaders such as Facebook to new technologies, trends, and controversies.

Categories

 

BW Mall - Sponsored Links

Buy a link now!