ESN 55606-090409-473198-26


Document Name: Are we ever going to get serious about Security?

Are we ever going to get serious about Security?


2009/04/09

So it turns out that Conficker is awake and may be dangerous. Gosh, it sure is comforting to know that this thing is so complicated and tricky that we still don't even know how it really works or what its intentions are. Peter Szor warned us that this kind of junk was coming a few years ago and it sure looks like his predictions are coming true.

That sealed my plan to switch my wife to Mac. I was going to wait for Snow Leopard, but I feel that things are getting too dangerous in Windows Land. Not that things are all hunky-dory in OS X land - if Apple doesn't start getting serious about security, things will soon be just as bad here - and worse, because most Mac users don't run any A/V software at all.

And if Apple does do the things they say are coming, it looks to me like that might be only on the 64-bit machines? If so, where does that leave all the older boxes like my early MacBook Pro? Will I have to replace that to be safe?

Linux users have some reason to be smug, but really the danger for Linux is much the same as it is for Apple. Linux in general is doing a better job, but there has to be eternal vigilance. More important is that app vendors avoid Linux: if I could get QuickBooks on Linux, I wouldn't have bought the Mini. Are you paying attention, Apple?

Frankly, it annoys me greatly that all of this - every damn bit of it - comes from "ease of use". Our browsers just HAVE to be so damn friendly and helpful because it is inconceivable that any user should have to actually LEARN anything, should EVER have to do an extra step, should ever have to be even mildly inconvenienced. No, "user friendly" trumps everything.

Recent findings about cyber attacks on the U.S. power grid are another example of this. Can anyone tell me why systems like this need to be connected to the Internet? I can tell you why: ease of use. It would be so inconvenient not to have access right from your desktop...

On the programming side, it's similar. It's laziness and a desire for speed that lead to shortcuts and optimizations that later turn into exploits. Often when it is later realized that you really can't do things that way, the crap code has to be left in because to take it out would break too many "popular" applications. Wonderful...

My rants aren't going to change anything, of course. Stupid consumers (individuals and businesses alike) will continue to demand "ease of use" and programmers will keep giving it to them. Therefore, we need to get deadly serious about security in the OS. Again, I'd really like to see IBM, Apple, Microsoft and a lot of others create a unified security testing team. If properly funded, a team like that could really help.


Author: Anthony Lawrence
Publisher: Anthony Lawrence
Licensee Name: Anthony Lawrence
Reference URL: http://aplawrence.com/Security/serious.html
Copyright: All Rights Reserved
Registration Date: 4/9/2009 2:03:11 PM UTC



