The InfoSec Blog

System Integrity: Without Integrity you don’t have Security

April 27th, 2007

Schneier questions need for security industry

http://news.com.com/Schneier+questions+need+for+security+industry/2100-7355_3-6179500.html

“We shouldn’t have to come and find a company to secure our e-mail. E-mail should already be secure. We shouldn’t have to buy from somebody to secure our network or servers. Our networks and servers should already be secure.”

and

“Security is a small but important piece of the bigger picture,” Schneier said. He added that consumers shouldn’t accept any product that is inherently insecure.

Dumb Dumb Dumb!
You can’t fight basic economics!

In my Quotes Database

Be very glad that your PC is insecure—it means that after you buy it, you can break into it and install whatever software you want.
What YOU want, not what [content providers] want.
– John Gilmore of the EFF

Amusing, yes, but true.
And in a deeper way.

When the PC came out it was shipped as a very crippled system but an OPEN SYSTEM. You could easily open it up and plug stuff in. This meant there was opportunity for third party developers, hardware and software, and an upgrade path. A whole ‘ecosystem’ grew up around the PC. The threshold to entry was low - hence much freeware and shareware and a massive amount of experimentation. The fact that it was crippled actually encouraged developers.

Contrast this with the closed system of the Mac when it came out. Look at the market share.

We can see this in economic history as well. Countries and eras where power and control mattered more were not economically aggressive. The most obvious example is cold war era USA and the Soviet Union, but there are many others through history. It’s not about “freedom” in the sense that Tom Paine and the American Founding Fathers wrote of it so much as freedom to prosper. Hong Kong under British rule demonstrated that: economic growth without the need for USA-style or any of the European styles of “democracy”.

The issue isn’t that software products are insecure. That is an emergent property of the economic system that allows their development; as people here have pointed out many times, the market pays for what it wants. Commenting on certain types of firewalls, Marcus Ranum has observed that people are more willing to pay for speed than security. (And why do people pay for cars that can go faster than our roads will safely permit?)

Perhaps “closed” isn’t quite the right term. Apple’s iPod is a closed unit, but there is a vast market of third party add-on units for it. The iPod economic ecology is very rich, rich enough to allow competitors (look how many other MP3 players there are).

But the point is that a product strategy that allows for this “let others add value” is a sound one. In many ways it’s better than having a closed system and worrying about your “channels”, because the developers of these add-ons are doing your marketing for you.

April 6th, 2007

Make your policy generic, not specific
