Comments on: Straight talking on terrorism
Richard Clarke, former U.S. counterterrorism chief, tells what countries are really doing about cybersecurity.
Why can't you just ask this idiot REAL questions about internet security and leave the politics out of the article - I've heard this crap so many times already - I could probably quote that idiot in my sleep.
As with most info sites, CNET used to offer real news, but now, you guys devote most of your web space to rehashing crap that you can hear in about 10 minutes on the TV news, and hiring hacks like the bunghole who wrote this article, you are dropping down to tabloid journalism.
CNET you are becoming a complete waste of time.
The elephant in the living room
by clsgis November 21, 2004 12:08 PM PST
The biggest "cybersecurity" problem facing the US Government and industry is Microsoft (MSFT). If Clarke didn't mention MSFT when asked about that issue, he either doesn't understand the subject or he's afraid of offending MSFT or its sycophants.
Software security experts have known for decades that it's crazy to deploy millions of identical copies of any program on a public network. It's even crazier to deploy software that's *intentionally vulnerable* to takeover by trojans and zombies. And it's equally crazy to prevent the experts and the general public from inspecting that code for vulnerabilities.
The Microsoft environment doesn't attract worms and viruses because it's popular, it attracts them because it's broken in ways that let worms and viruses get around. There are *more* Linux Web+database servers on the Internet than Microsoft Web+database servers, for example, but we are not seeing significantly successful worms on Linux.
That's why free and open source software (FOSS) is replacing Microsoft in the Internet core, and in government and critical industrial networks. If the US Government were serious about network and data security, it would stop buying Microsoft products, and begin a crash program to retire the ones it's got.
Meanwhile, we are living on borrowed time. We are damn lucky that the current wave of malware (worms, trojans, viruses, spyware...) was launched by spammers seeking hordes of PCs on broadband to send spam from. What are we going to do when al Qaeda launches a trojan worm that destroys financial data and disables financial Web sites? Why are the Department of Homeland Security and the Congress just waiting for that attack instead of moving to secure the computing infrastructure?