P.J. Connolly: Proof might be in the pudding

The bad news is there are now two more things for net administrators to worry about: Macromedia Inc.’s Flash and Microsoft Corp.’s .Net Framework. The good news is that you don’t have to spend much time worrying about them…yet.

In early January, reports surfaced that each of these “environments” had become the subject of independently designed proof-of-concept viruses. I figured it was only a matter of time, given that the dot-bomb effect must have left thousands of Flash programmers with time on their hands in the one case, and in the other, that almost anything coming out of Redmond these days has a big, fat target painted on its side.

Nevertheless, it’s an interesting way to start the new year. Even though these viruses are lab critters of the first order – they aren’t loose, and the creators gave the concerned vendors a heads-up and example code before calling the press – they simply shouldn’t come as news to anyone. If there is a way to subvert computer security, no matter how closely controlled or poorly documented the vulnerability, it will be found and used.

Granted, I’ve seen plenty of Flash implementations that have grabbed every scrap of my computer’s resources while I frantically tried to shut my browser window, so I wouldn’t mind seeing a mass roundup and re-education of anyone noting Flash skills on his or her resume. Although this would do wonders for San Francisco parking, it won’t solve the security problem. If you use Flash on your site and you’re not actively securing the content, this is your wake-up call.

I could go on in a similar vein regarding the .Net Framework; but discussing the ills of Microsoft products can be a full-time job, and this column is already a day late thanks to some unplanned downtime. I’m positive that Microsoft’s developers aren’t clowns, and I’m sure that when company representatives tell me that security is a priority, those words are the absolute truth. After all, not many people wake up in the morning and decide: “Hey, today, I’m going to write some really crappy software that’s riddled with security holes.”

I don’t write code for a living, but I do know that programming is more art than science. Software is very much like a house of cards in that one false move can collapse the entire structure. But as a reader pointed out in response to some remarks I made in regard to IIS (Internet Information Server), when was the last time you heard of a virus taking out an AS/400, iSeries, or whatever IBM Corp.’s calling it this year?

Granted, there are a lot more Windows boxes out there than there are AS/400s, and like any predator, computer attackers go after the easiest prey first. This alone would seem a compelling rationale to find alternatives to Microsoft’s computing platform, but whoever said humans were rational?

P.J. Connolly (pj_connolly@infoworld.com) covers collaboration, networking, OSes, and security for the InfoWorld (U.S.) Test Center.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now