Charles Stross: Where we went wrong

46 points by rsaarelm over 14 years ago

10 comments

tptacek over 14 years ago
The only point in here that's defensible is (5), and that's because it's so vague that it doesn't mean much.

(1) Split I and D memory aren't a silver bullet against memory corruption flaws; "Harvard" architecture machines have had remote code execution flaws. Attackers aren't writing directly to program text; they're writing to data structures that effect command & control (most famously the stack) inside the process. Over the past 10 years, *randomization* has been more effective than any explicit control over what can or can't be executed.

(2) Most modern memory corruption flaws don't involve someone's strcpy(). It's far more common to find math problems in the handling of counted data structures --- you know, like the ones Charlie Stross praises. Meanwhile, if you want "safe" string handling, you use a string library.

(3) We have pervasive TCP/IP encryption today. It does nothing to address computer integrity. Encryption only keeps attackers from talking to you if you can authenticate and authorize every connection. You talk to thousands of sites daily; authorizing them is untenable. Meanwhile, this business of "listeners promiscuously logging traffic and cracking it at leisure" (side note: nobody logs "promiscuously" anymore): it takes an awful lot of leisure to crack AES128, or even DES-EDE.

(4) "The world wide web" has problems, but it's unclear that Stross can actually point them out. Turning Javascript on is unlikely to make you "some script kid's bitch" (turning *Java* on is another story). People turn off Javascript to avoid XSS, which makes one site a bitch, but not your whole browser.

(6) *Bloody* Microsoft took security seriously sooner than any other large vendor, as we're all discovering to our chagrin today. Nobody took software security seriously in 2000 except for software security practitioners. It's as true in 2001 as it was in 1995 that a skilled attacker could have popped any Sun machine, any sufficiently complex web app, any document viewer, any graphics format, or any SSL stack. So why blame Microsoft? They at least got a grip on the problem.

Let me be direct: things would have been just as bad if our CPUs had split I&D memory. They'd have been just as bad if everyone used Pascal strings. They'd have been just as bad if we had pervasive IPSEC from day #1. They might be better if we didn't have the WWW, but then, we wouldn't care how good or bad things were (like we didn't seem to care so much when people were owning up DMS500 switches at the phone company in 1991). Things would have been just as bad --- maybe, believe it or not, worse --- had Solaris been the dominant OS in 2000.

The problem is, nobody really knows how to make correct software. It's a core problem in Software Engineering and it's unsolved. Without correct software, you can't have secure software. Sorry.
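Added example (not part of the thread and not any commenter's code): a minimal C illustration of the "math problems in the handling of counted data structures" mentioned in point (2) of the comment above, showing a size check whose 32-bit product wraps next to a division-based check that cannot. The `rec_hdr` layout, the function names and the sample values are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed record header: `count` elements of `elem_size` bytes each. */
struct rec_hdr {
    uint32_t count;
    uint32_t elem_size;
};

/* Flawed check: the 32-bit product wraps modulo 2^32 before the comparison,
 * so a huge count can yield a small "needed" value that passes. */
static bool fits_naive(const struct rec_hdr *h, uint32_t cap)
{
    uint32_t needed = h->count * h->elem_size;   /* may wrap */
    return needed <= cap;
}

/* Hardened check: compare by division so no intermediate value can wrap. */
static bool fits_checked(const struct rec_hdr *h, uint32_t cap)
{
    if (h->elem_size == 0)
        return false;                 /* reject degenerate records */
    return h->count <= cap / h->elem_size;
}

int main(void)
{
    const uint32_t cap = 64;          /* destination buffer size in bytes */
    const struct rec_hdr samples[] = {
        { 16, 4 },                    /* 64 bytes: legitimately fits */
        { 17, 4 },                    /* 68 bytes: too large */
        { 0x40000001u, 4 },           /* 2^32 + 4 bytes: product wraps to 4 */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("count=%u size=%u naive=%d checked=%d\n",
               (unsigned)samples[i].count, (unsigned)samples[i].elem_size,
               fits_naive(&samples[i], cap), fits_checked(&samples[i], cap));
    return 0;
}
```

The third sample is accepted by the naive check and rejected by the hardened one, even though no unterminated string is involved anywhere.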
bryanlarsen over 14 years ago
Or maybe it's "where we went right". Let's imagine a world where TCP/IP was encrypted. What consequences would this have? 1: it would have spread a lot slower. Effective encryption was VERY expensive 30 years ago. 2: The powers in charge would have been much less likely to let commercial interests and non-research institutions connect.

The most likely possibility in that environment? It may well have caused AOL to win. Remember, network effects are hugely important. Sure, the digerati would have accounts on CompuServe or the Well, but they would also have had an AOL account because everybody was on AOL.

I shudder.
terra_t over 14 years ago
Bull. It's not about technology, it's about people.

Back in the 1960's, people had a fear that there was going to be this one big mainframe, attended to by a bunch of priests, that would rule the world. (See "Colossus, The Forbin Project")

Just a decade later, in Donn Parker's 1976 book, "Crime By Computer",

http://www.amazon.com/Crime-Computer-Donn-B-Parker/dp/0684155761

we see that the computer crime landscape is substantially the same as it is today. We see embezzlement, computers being used to create thousands of false insurance policies, data theft through timesharing terminals, physical attacks on computers, and concerns about privacy. The only thing that's missing is phishing... And this is just before microcomputers hit the market.

By the early 1980's the "Cyberpunk" genre is established in science fiction and Neil Young sang "Computer Cowboy" on his album Trans... We then knew the threat of computers was anarchy, not total government control.

The fact is, evil is in the heart of man. People are going to use whatever technology is available to do what they're going to do. Criminals use cars, air travel, and telephones every day. We can certainly close off certain avenues of technological attack, but as long as there is a motive, people are going to find the opportunity to commit crimes.
swombat over 14 years ago
*According to one estimate pushed by the FBI in 2006, computer crime costs US businesses $67 billion a year. And identity fraud in the US allegedly hit $52.6Bn in 2004.*

*Even allowing for self-serving reporting (the FBI would obviously find it useful to inflate the threat of crime, if only to justify their budget requests), that's a lot of money being pumped down a rat-hole. Extrapolate it worldwide and the figures are horrendous — probably nearer to $300Bn a year. To put it in perspective, it's like the combined revenue (not profits; gross turnover) of Intel, Microsoft, Apple, and IBM — and probably a few left-overs like HP and Dell — being lost due to deliberate criminal activity.*

I call bullshit. These numbers are, imho, just as made up as the RIAA's "losses to piracy" numbers. I don't believe them, not even for one second. The real numbers could be as far as 3 or 4 orders of magnitude smaller.
jacquesm over 14 years ago
C doesn't really have a string type, it just has something called pointer to a character, and another thing called 'array of characters'. The standard library is what implements the string functions, not the C language, and the standard library was not written in such a way that the guts of the implementation were hidden from view so it is nearly impossible to fix after the fact. The few string routines that are now 'overwrite safe' notwithstanding, the 'old' stuff is still in use and plenty of new code is still being produced using these unsafe functions. Nul terminated strings are a convention, not a language implementation detail. So the blame does not really go to the C language but to the library implementation.

Another thing missing is homoglyphs.
nickpinkston over 14 years ago
These all seem pointless next to the inevitable social engineering that led John in accounting to give that Excel spreadsheet of bank info to "Dan" from an "outside auditing firm". PEBKAC!!
endtime over 14 years ago
> And Microsoft, by dropping security support for older OSs, aren't helping the problem.

I disagree with this. The only way to get users off defunct OSes, and onto the newer, fundamentally more secure ones, is to stop supporting the old ones.
sprout over 14 years ago
> User education, or the lack of it. (Clutches head.) I have seen a computer that is probably safe for most users; it's called an iPad, and it's the digital equivalent of a fascist police state: if you try to do anything dodgy, you'll find that it's either impossible or very difficult.

I'd be interested to see some security studies that compare banking behavior on iOS/Android vs. desktop. I don't access financial data on my phone, but my impression is that the way these devices are designed to be used without much training makes it a lot easier for social engineering to succeed, which is the primary attack vector anyway.
jemfinch over 14 years ago
C++ hasn't been compiled to C in any production compiler for a rather long time.
will_critchlow over 14 years ago
Even the app store isn't immune to attack. Wasn't there a trojan type attack recently where an apparently innocent program had a dual purpose?

I don't have a link to hand I'm afraid...