The bad news is there are now two more things for net administrators to worry about: Macromedia Inc.’s Flash and Microsoft Corp.’s .Net Framework. The good news is that you don’t have to spend much time worrying about them…yet.
In early January, reports surfaced that each of these “environments” had become the subject of independently designed proof-of-concept viruses. I figured it was only a matter of time, given that the dot-bomb effect must have left thousands of Flash programmers with time on their hands in the one case, and in the other, that almost anything coming out of Redmond these days has a big, fat target painted on its side.
Nevertheless, it’s an interesting way to start the new year. Even though these viruses are lab critters of the first order – they aren’t loose, and the creators gave the concerned vendors a heads-up and example code before calling the press – they simply shouldn’t come as news to anyone. If there is a way to subvert computer security, no matter how closely controlled or poorly documented the vulnerability, it will be found and used.
Granted, I’ve seen plenty of Flash implementations that have grabbed every scrap of my computer’s resources while I frantically tried to shut my browser window, so I wouldn’t mind seeing a mass roundup and re-education of anyone noting Flash skills on his or her resume. Although this would do wonders for San Francisco parking, it won’t solve the security problem. If you use Flash on your site and you’re not actively securing the content, this is your wake-up call.
I could go on in a similar vein regarding the .Net Framework; but discussing the ills of Microsoft products can be a full-time job, and this column is already a day late thanks to some unplanned downtime. I’m positive that Microsoft’s developers aren’t clowns, and I’m sure that when company representatives tell me that security is a priority, those words are the absolute truth. After all, not many people wake up in the morning and decide: “Hey, today, I’m going to write some really crappy software that’s riddled with security holes.”
I don’t write code for a living, but I do know that programming is more art than science. Software is very much like a house of cards in that one false move can collapse the entire structure. But as a reader pointed out in response to some remarks I made in regard to IIS (Internet Information Server), when was the last time you heard of a virus taking out an AS/400, iSeries, or whatever IBM Corp.’s calling it this year?
Granted, there are a lot more Windows boxes out there than there are AS/400s, and like any predator, computer attackers go after the easiest prey first. This alone would seem a compelling rationale to find alternatives to Microsoft’s computing platform, but whoever said humans were rational?
P.J. Connolly ([email protected]) covers collaboration, networking, OSes, and security for the InfoWorld (U.S.) Test Center.
