Are we ever going to get serious about Security?

So it turns out that Conficker is awake and may be dangerous. Gosh, it sure is comforting to know that this thing is so complicated and tricky that we still don't even know how it really works or what its intentions are. Peter Szor warned us that this kind of junk was coming a few years ago and it sure looks like his predictions are coming true.

That sealed my plan to switch my wife to Mac. I was going to wait for Snow Leopard, but I feel that things are getting too dangerous in Windows Land. Not that things are all hunky dory in OS X land - if Apple doesn't start getting serious about security, things will soon be just as bad here - and worse, because most Mac users don't run any A/V software at all.

And if Apple does do the things they say are coming, it looks to me like that might be only on the 64-bit machines? If so, where does that leave all the older boxes like my early MacBook Pro? Will I have to replace that to be safe?

Linux users have some reason to be smug, but really the danger for Linux is much the same as it is for Apple. Linux in general is doing a better job, but there has to be eternal vigilance. More important is that app vendors avoid Linux: if I could get QuickBooks on Linux, I wouldn't have bought the Mini. Are you paying attention, Apple?

Frankly, it annoys me greatly that all of this - every damn bit of it - comes from "ease of use". Our browsers just HAVE to be so damn friendly and helpful because it is inconceivable that any user should have to actually LEARN anything, should EVER have to do an extra step, should ever have to be even mildly inconvenienced. No, "user friendly" trumps everything.

Recent findings about cyber attacks on the U.S. power grid are another example of this. Can anyone tell me why systems like this need to be connected to the Internet? I can tell you why: ease of use. It would be so inconvenient not to have access right from your desktop.

On the programming side, it's similar. It's laziness and a desire for speed that leads to shortcuts and optimizations that later turn into exploits. Often when it is later realized that you really can't do things that way, the crap code has to be left in because to take it out would break too many "popular" applications. Wonderful.

My rants aren't going to change anything, of course. Stupid consumers (individuals and businesses alike) will continue to demand "ease of use" and programmers will keep giving it to them. Therefore, we need to get deadly serious about security in the OS. Again, I'd really like to see IBM, Apple, Microsoft and a lot of others create a unified security testing team. If properly funded, a team like that could really help.

Thu Apr 9 14:46:15 2009: 6076   sledge

I wonder what differences between GnuCash and QuickBooks exist that prevent you from using GnuCash instead. I realize that GIMP is no Photoshop and this may be a similar case. I don't use QuickBooks so I don't know if GnuCash is a drop-in replacement. Have you looked at GnuCash?

Thu Apr 9 14:49:13 2009: 6077   TonyLawrence

Oh, yeah, I've looked at GNUCash and everything else: not even close. Not even worth comparing - that far apart.

Thu Apr 9 14:58:11 2009: 6078   TonyLawrence

I am glad you reminded me of that though. I haven't looked at GNUCash in a few years so I really should go get a copy and see what it's like now.

Thu Apr 9 15:03:45 2009: 6080   sledge

Let me know what you think. It would be nice to scratch one thing off the list of apps that make Windows linger.

Thu Apr 9 15:33:27 2009: 6082   TonyLawrence

(shaking my head)

As is unfortunately all too common, GNUCash is leading me down a path of

./configure
go find the package it doesn't like
./configure
go find the package THAT doesn't like
repeat above until you get it to work or get thoroughly sick of it.

It may be a while before I get done with this.

Thu Apr 9 15:42:45 2009: 6083   TonyLawrence

Well, that was fun while it lasted.

GNUCash needed GLIB 2.6 or greater. I brought that down and installed it, configure then wanted a newer "guile". That's when I found that GLIB had broken the GUI.

Oh, well: maybe another day when I have more patience.

Thu Apr 9 15:48:54 2009: 6084   sledge

Sorry to hear that. I think this is the real reason Linux adoption (on the desktop, really) is slow and not gaining speed. Ubuntu gets around it with its package management, but then you only get the most recent version of which some volunteer made a package.

Thu Apr 9 15:54:25 2009: 6085   TonyLawrence

Ayup. Of course it's always fixable; it just takes patience, and time I don't have right now.

It also effectively makes you run two machines or run in a VM where you can snapshot before trying to install or upgrade anything. The risk of killing your system is just all too real to ignore.

Thu Apr 9 17:17:31 2009: 6088   TonyLawrence

I see that Michael Calce (Mafiaboy) (link) thinks that "a government entity needs to step in and certify all code that runs on the Internet".

Um.. that's a lotta code :-)

Our US Guv seems to be agreeing: (link)

Which sure reminds me of (link)

When I wrote that, I don't think too many people took it seriously. It IS serious, and it is now much closer to being able to come true.

Thu Apr 9 18:50:20 2009: 6089   jtimberman

Conficker exploits a bug that was patched back in October-ish. If your systems are still vulnerable, you deserve to get infected IMO.

Bruce Schneier wrote about the US Power Grid "hacks" today:

Thu Apr 9 19:02:20 2009: 6090   TonyLawrence

It's not specifically Conficker that worries me - it's the level of sophistication being reached. Go read what Peter had to say four years ago and imagine how much things have progressed since then.

Thu Apr 9 19:14:43 2009: 6091   TonyLawrence

Just in case anyone is misinterpreting: I'm NOT in favor of the Gov. getting too involved here. That (link) from almost six years ago expressed my concerns about that.

Unfortunately, because Microsoft and Apple have been so slow and stupid, we might just get this.

Thu Apr 9 19:15:56 2009: 6092   BrettLegree

The two systems in my household that are vulnerable to this are patched of course (my wife's Vista laptop, and the XP VM on my Mac).

This isn't what concerns me though - unpatched systems can affect all of us who *are* patched, or are running systems not affected by this, because we share the internet.

I mean, even if we smile and say, "we run Macs" or "we run Linux and BSD", what if the virus writer is clever and makes the infected systems slow the internet to a crawl?

Then it doesn't matter if my computer is "safe". It is just a typewriter at that point!

Mon Apr 13 17:30:43 2009: 6163   anonymous

Gnucash is very odd.

The double-entry system it uses looks like it would be very effective at keeping track of everything, down to the penny, and would avoid the vast majority of accounting mistakes that you'd tend to run into. But it seems very labor intensive to use.

Other accounting software is available in online versions though. At least consumer stuff. I am surprised that QuickBooks doesn't do it, but Quicken does.

But I was looking into using Gnucash to get my personal finances in order. Never used any other financial software before except Turbotax online version.


As for Gnucash on Ubuntu... they should be available pre-packaged if you enable the repository.

Mon Apr 13 17:54:22 2009: 6164   jtimberman

We've used GNUcash on Windows and Linux for close to 5 years for our checking/savings accounts. My wife, who is totally nontechnical, likes it, but really we just use GNUcash as a checkbook register, nothing more complicated than that.

Tue Apr 14 14:15:00 2009: 6172   sledge

Sorry Tony,

QuickBooks has an online version but it requires Windows 5, 5.5, or 6, Internet Explorer 6 or 7, Java/JavaScript and cookies enabled, and Adobe Reader 6 or 7. So that won't help eliminate Windows. I have a few customers that are using, have used, and/or are considering using this and they like it. Of course that means they are using Windows and stuff.

Fri Apr 17 08:49:35 2009: 6208   drag

Internet Exploder will work fine in Wine... I don't know about Adobe's stuff, but unless it's an absolute requirement that the PDF must be embedded in the website then Adobe's stuff for Linux and OS X should work fine. It is quite easy to fake the agent strings to let Firefox or anything else get past any browser detection situations.

This will get it working quite easily. At least it did last time I needed it. (which was some time ago)

Useful for web developers that want to test the rendering for different systems, but don't want to pay for Windows. I don't know if it will work in OS X that well, but it should.

Fri Apr 17 13:19:50 2009: 6215   TonyLawrence

This week brought news of a Linux root hack: (link) and Mac Botnets: (link)

Computers are so much fun now.

Sun Mar 20 13:45:12 2011: 9388   TonyLawrence

And on it goes:

Chrome escaped unscathed, showing that Apple and Microsoft simply are not working hard enough at this - as always, worrying far more about ease of use for the user than security!