% fortune -ae paul murphy

Protected by Microsoft

From the Calgary Sun for Nov 10/06:

On Oct. 22, the computer was taken in a break-in at the northwest home of a CHR Collaborative Mental Health staffer.

The laptop was carrying contact, mental health and parental data on 1,000 Calgary-area children up to six years of age.

...

Police have determined the stolen computer's triple password security system means the mental health information is difficult to access, said Catherine Pryce, executive director of the CHR's mental health and addictions services.

She also said the type of information itself is "fairly low-risk" though the incident is being taken very seriously.

Notice the confidence builders here: triple password protection (oh wow!), the data (on vulnerable children) is "fairly low risk" (!) and there are exactly "1,000" files - not one more, not one less.

And this, from an AP release on Nov 10/06:

A laptop computer containing 4,600 high school seniors' personal information was stolen from the U.S. Army Cadet Command's headquarters at Fort Monroe, an Army spokesman said.

A database on the computer, which had information about applicants for the Army's four-year ROTC scholarship, included Social Security numbers, birth dates, home addresses, phone numbers, parents' names and mothers' maiden names.

...

Kotakis said it's unlikely anyone will be able to access the personal information because the computer uses a security measure called a common access card.

And a password too.

But it's not just wandering laptops we should feel good about: here's a comforting news report from Jun 14/06:

A thief recently stole a computer server belonging to a major U.S. insurance company, and company officials now fear that the personal data of nearly 1 million people could be at risk, insurance industry sources tell NBC News.

The computer server contains personal electronic data for 930,000 Americans, including names, Social Security numbers and tens of thousands of medical records. The server was stolen on March 31, along with a camcorder and other office equipment, during a break-in at a Midwest office of American Insurance Group (AIG), company officials confirm.

An AIG spokesman says that there's no evidence that the thief has accessed the personal data on the server or used it for any illicit purpose. The server is password protected, the AIG spokesman adds.

So here's the problem: every time I read something like this I think they're talking about steel bars reinforcing the front door to a cardboard box in shanty-town - because basic file recovery methods and tools can bypass the logon processes and, in any case, the easiest password to break on most personal computers is the one protecting the applications and encryption passwords.

What's needed here, since real action seems beyond the industry, is a marketing campaign aimed at giving readers of news reports like these a feeling of comfort: a belief, no matter how ill-founded, that adequate high-tech protections are in place. A confidence builder, something perhaps parallel to Intel's now-defunct "Intel Inside" program - and yes, I do have a suggestion: "Protected by Microsoft."


Paul Murphy wrote and published The Unix Guide to Defenestration. Murphy is a 25-year veteran of the I.T. consulting industry, specializing in Unix and Unix-related management issues.