Software Deathmobiles

12:50 PM -- It's been more than 40 years since Ralph Nader launched his campaign against U.S. automakers with the publication of Unsafe at Any Speed. Since that time, cars are, as near as I can tell, about a bazillion times safer. And there's even a fairly hefty consumer segment that pays close attention to which cars are safest (witness the frequency with which Volvo station wagons appear in the drives of upper middle class family homes).

Nader's point was that while there were plenty of small things that were designed into cars and that were prone to cause accidents (such as too much light-reflecting chrome on the dashboard, or nonstandard gearshifts that caused people to choose reverse when they wanted first gear), there were also cars that simply could not be driven safely because they were inherently unstable and prone to high-speed mechanical failures.

His primary example of this was the Corvair.

Figure 1:

In the view of some, it was an attractive car, but Nader's contention (and he had some pretty solid evidence behind him) was that the suspension of the car made it prone to "tucking under," which is to say that the wheels flipped up under the car at speed and whatever happened next wasn't likely to be a good thing. Additionally, the tire pressure required to maintain good control of the car exceeded industry-standard limits for those size and type of tires. You could have safe steering or you could have safe tire pressure, but you couldn't have both.

There was, in short, no way to drive a Corvair of that generation safely, at least not as it was sold by General Motors (there were aftermarket kits that would stiffen and improve the suspension, though you still had overpressurized tires to deal with).

What got me thinking about this was Dark Reading's recent piece about the drop in the increase in reported software vulnerabilities. (See Bug Disclosures Decline.) The vulnerability count isn't rising as fast as it did last year. The article mentions a bunch of reasons why this might be, all pretty reasonable.

But the truth is that it doesn't much matter whether there are fewer or more vulnerabilities. There are, I'm sure we all agree, vulnerabilities enough to go around. Plus, with a tip of the chrome chapeau to Ralph Nader, some of the most-used applications really can't be driven safely at any bandwidth. It's all but impossible to run Microsoft Outlook with a meaningful expectation of security. And pretty much any browser that runs JavaScript with a useable set of permissions is vulnerable to cross-site scripting attacks.

These are problems not unlike designing a car with a crappy suspension system. You don't just pump up the tire pressure past the recommended limit and suddenly your problems go away.

Rather, you've got to go back to the drawing board in a fundamental way. The "same origin policy" that's supposed to keep malicious scripts from running on your browser is full of holes and, given the way Web proxy servers are used in current Internet architecture, it isn't something that gets fixed just because you fix a bug here and there.

The answer isn't getting programs that check our tire pressure at regular intervals -- the answer is junking our Corvairs. Yes, there may be more and more problems like too much chrome on the dash, but the real problem is that we're driving deathtraps. When we're not just begging to be killed, then and only then should we worry about the vulnerability count.

Ah, but how do we get rid of the Corvairs? Part of the process is perhaps already underway, with Microsoft and others making major investments in identity management technologies. Knowing who's doing what may simplify the process of determining what's allowed to run within our browsers.

On the other hand, I have a sneaking suspicion that the IE browser is too complex and performing too many vaguely defined functions to be brought to heel. Better to create a safe browser that isn't trying to double as an operating system, a windowing system, and a transmission drive shaft all at the same time.

Nader really got things rolling when he convinced the U.S. government to hold Congressional hearings. Is it time to petition our elected representatives to hold hearings on the question of whether it's possible to reasonably secure Microsoft email?

— Robert Richardson is Director of the Computer Security Institute (CSI) . He finds Vespas too effete and isn't pious enough to own a Prius, so he drives a Chevy Venture van, which he declares unstylish at any speed. Special to Dark Reading.