Saturday, January 10, 2004

Oh really?

Philip Brittan has an article in which he states his belief that thin client technology will solve today's problem with worms and viruses.

[Now what did I do with that sharp stick. Ah, there it is.]

Mr. Brittan has a few misconceptions in his article. The problem which contributes the most to the current environment of worms and viruses is not corporate. It's all of those unprotected home systems. Suggesting a move to thin client technology is ludicrous in that no home user will pay thousands of dollars just for the operating system. If they did, it would be the same clueless user managing the server for those thin clients.

While Microsoft did market itself as the "secure" operating system for the general masses, I don't see them as being at fault. Rather, I see the person responsible for administering the computer as being mostly at fault. The majority of all vulnerabilities, regardless of which operating system is in use, have patches or work-arounds. It's up to the end-user to keep his/her system up-to-date.

Okay, I do blame Microsoft a bit. Mostly their marketing department though. MS's marketing department drives if/when a product hits the shelves (often before it's ready). If you've read my posts before, you'll see a common theme. If you're going to use the Iraqi Information Minister's method of marketing, you'll be able to find me here, whispering "the Emperor has no clothes".

One of my favorite lines in the article is "Servers, on the other hand, operate in highly managed environments and are much easier to protect than desktop PCs." That depends on the server and the company it "works" for. Most companies spend as little as possible on administration after the fortune they lay out for their technology. What's not stated here is that compromised servers are often able to do that much more damage before they're detected because the hardware is that much faster/more powerful. Yes, one compromised server is easier to repair than twenty-five compromised workstations. But unless you're a Fortune 1000 company and can afford a "grid", your thin client network is going to be down until the server is repaired.

Anyways... Substituting thin clients for stand-alone systems is not a solution for compromises. It only changes the environment in which the viruses and worms develop. Outlook is Outlook. If you're using thin client technology and have three infected users, it means you have three instances of a virus running in user space on that server. The infected e-mails are still being sent out. Hackers and virus writers will find other vectors/vulnerabilities (thin client technology has its own problems) to exploit.

Rather than throwing the baby out with the bath water (dumping all of your workstations for thin clients), spend the money on your people. More/new technology is NOT a substitute for education. Spend the money on your administrators ("grow" your own, hire better ones, or outsource 'em) and your users. I cannot stress enough that you have to also train your users. It only takes a careless click of a user's mouse to void all that money you spent on administrators and technology.

Finally, contrary to what you might assume in reading the article, Mr. Brittan has nothing to do with information security. A little research reveals that he is chairman of Droplets, Inc., a company which sells a thin client application.