Path: utzoo!attcan!uunet!lll-winken!brutus.cs.uiuc.edu!tut.cis.ohio-state.edu!ucbvax!NIU.BITNET!A01MES1
From: A01MES1@NIU.BITNET (Michael Stack)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: the worm and internet security
Message-ID: <8908120813.AA07059@ucbvax.Berkeley.EDU>
Date: 11 Aug 89 18:15:00 GMT
Sender: usenet@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 29

> One of the problems that surfaces over and over in this forum is the
> fact that the major vendors don't bother to fix the known security
> problems in their products.  The reason they don't fix these problems
> is that they don't have much motivation to do so. ...

The problem is much more difficult than that:

   KEEP THE NETWORKS OPEN.  Virtually all of the people involved in a
   network are basically well-meaning and careful.  The challenge is
   protecting them and the system from the tiny number who are
   malicious or foolish.  Making it impossible for the latter to carry
   out their nefarious activities might seriously inconvenience
   everyone else.  We must seek out ways of controlling aberrant
   activities without impeding communication.

                                          James H. Morris
                                          Professor of Computer Science
                                          Carnegie Mellon University
                                          from CACM, June 1989, p 661

Needless to say, the above is taken from a very long letter and must
be considered as taken out of context.  Nonetheless, it is an expression
of the view that too much security can be a barrier to convenient use of
computer networks.  As it relates to the problem of fixing security holes,
I suspect that this view is a much greater obstacle than vendor motivation.


Michael Stack
Northern Illinois University