Today's Flame 

September 28, 1998 | San Francisco | Issue #003

Global Email Meltdown!

The very next email you receive could vaporize every last bit of data on your hard drive. The revelation that email applications from Microsoft, Netscape, Qualcomm and others could be vulnerable to hostile messages or embedded applications has raised eyebrows throughout cyberspace: You mean, a cracker could develop a hack/spam cocktail so that a single message, sent to tens of millions of addresses at once, could wreck tens of millions of computers at once, causing billions in damage?

Yes, the development practices of email vendors have left the entire Internet community vulnerable to the threat of a global computing meltdown. This situation represents a classic collision of two fundamental laws of computing: (1) Any sufficiently advanced program will eventually evolve to include email features; (2) more features, more security risks.

Back when Internet living was easy, people used email to exchange text messages quickly and efficiently. Anyone who had email could message anyone else in complete safety and security — those crooked messages that warned of the "Good Times" virus were pure hoaxes. Email was easy, ubiquitous, and secure. The early web browsers weren't part of a marketing Holy War. The programs displayed web pages and that's all folks.

Microsoft, Netscape, and other commercial software vendors ended those halcyon days. I can just imagine the product planning meetings, held around the conference table. Email is too simple. There's really no reason why anyone needs to use our particular email program. So let's add some features. Let's add lots of features. Soon there was a mad competitive rush to lard up the programs with formatting, attachments, backgrounds, the ability to execute programs, and more. Oh yes, let's integrate email with the web browser.

I doubt any single developer sat back and thought: Let's build a Trojan Horse! Let's figure a way for a single determined cracker to thrash millions of machines at once!! Apparently, none of the very bright planners and programmers were willing to concede the law of unintended consequences. Or pay attention to the most basic rule of computer security: gratuitous functionality creates security risks. The more features a program supports, the more code must be written. The more code that is written, the harder it is for any single programmer to grep the security consequences of the code, and the easier it becomes for the cracker to find a hole.

My advice to Microsoft et al: KISS. Keep it simple, stupid. Do your users really need the party balloon backgrounds? Make it elegant. How many users are going to poke through menu after menu after menu to find some sub-feature? Make it interoperable with other email programs, including older text-based ones. Consider if the functions are truly necessary in an email program: Wouldn't it be better if users put their HTML-formatted pages up on the web? Don't executables belong on the desktop, not exploding in people's inboxes? Think lean, tight code so transparent that each and every one of your programmers can parse the program's security footprint. But if you can't think of any of these, think of the liability ... do you really want to explain to the company lawyers that you were responsible for the global email meltdown?

-- Seth Ross

Copyright © 1994-98