Path: utzoo!attcan!uunet!lll-winken!brutus.cs.uiuc.edu!tut.cis.ohio-state.edu!ucbvax!NIU.BITNET!A01MES1 From: A01MES1@NIU.BITNET (Michael Stack) Newsgroups: comp.protocols.tcp-ip Subject: Re: the worm and internet security Message-ID: <8908120813.AA07059@ucbvax.Berkeley.EDU> Date: 11 Aug 89 18:15:00 GMT Sender: usenet@ucbvax.BERKELEY.EDU Organization: The Internet Lines: 29 > One of the problems that surfaces over and over in this forum is the > fact that the major vendors don't bother to fix the known security > problems in their products. The reason they don't fix these problems > is that they don't have much motivation to do so. ... The problem is much more difficult than that: KEEP THE NETWORKS OPEN. Virtually all of the people involved in a network are basically well-meaning and careful. The challenge is protecting them and the system from the tiny number who are malicious or foolish. Making it impossible for the latter to carry out their nefarious activities might seriously inconvenience everyone else. We must seek out ways of controlling aberrant activities without impeding communication. James H. Morris Professor of Computer Science Carnegie Mellon University from CACM, June 1989, p 661 Needless to say, the above is taken from a very long letter and must be considered as taken out of context. Nonetheless, it is an expression of the view that too much security can be a barrier to convenient use of computer networks. As it relates to the problem of fixing security holes, I suspect that this view is a much greater obstacle than vendor motivation. Michael Stack Northern Illinois University