Safe IT Is Possible

Coffee: The tech industry lags behind in building vital protective ability into the things it sells.

Its probably hard to remember, 35 years after U.S. law finally required them, that cars did not always have seat belts. First offered as an option on the 1950 Rambler, these simple, effective safety devices didnt appear until almost 50 years after Oldsmobile introduced the speedometer.

Our approach to IT has reflected similar values. We make it fast, we make it exciting, and we focus on power and speed; we take our time about making it safe, even when we know how.

These thoughts of decades past, when seat belts were an option, came bubbling to the surface when AOL announced subscription anti-virus protection for $2.95 a month. Adjectives like "breathtaking" came to mind.

Were more than a quarter century into the sale of personal computing; were almost as far along the timeline of connectivity whose origins were in services like CompuServe. Arent we a little behind on the goal of staying safely strapped into our digital vehicles, even when some uninsured hacker comes charging out of our blind spot? Should basic bit-safety equipment still be optional at extra cost?

We have always been able to build or buy only systems that told us what they were about to do and that gave us a chance to tell them not to do it. Those basic protections, and the doctrine of user responsibility for employing them, could have been designed in from the beginning.

Instead, we accepted what I can only call a science fair approach to product design: "Hey, look what we can do!" We failed to reject the idea, absurd on its face, of applications and operating systems that formed hidden alliances, beginning with technologies such as DDE and COM, that invoked one anothers powers without asking for permission.

I want visibility. I pay extra for an actual oil pressure gauge when I buy a car: It tells me when something unusual is happening—before Im already in trouble. I want safety.

As a pilot, I never take off without draining a bit of fluid from the low points of my gas tanks to make sure they hold pure gasoline, without a bottom layer of water. Its worth the time.

I dont expect safety to come without effort and education. As a chemical-plant engineer, I used to keep breathing equipment in a cabinet of my credenza and endured annual sessions of finding my way through a smoke-filled maze.

In short, I dont object to convenience, but I have been taught not to let it get ahead of reliable function. Computer users have been encouraged to reverse those priorities.

If you need an immediate example, observe that the Task Manager list in Windows comes up only on demand, in response to obscure incantations, instead of being a normal part of the desktop environment.

One would think that as soon as we introduced multitasking systems, wed show users—if only in their peripheral vision—the status of what their machines are doing, with highlights emphasizing anything theyd never done before. Thats the proper synergy between what people can do well, when they accept that its their responsibility, and what machines do well.

Im pleased to note that many of the honorees in this years eWEEK Excellence Awards, who joined us for dinner in Chicago as this month began, are part of the solution.

Although each of the 15 categories were judged by independent teams of eWEEK and corporate IT experts, two recurring features among the Excellence winners and finalists were event-driven fault recognition and integral, standards-based management tools.

For example, Symbol Technologies Symbol Wireless System not only provides access points and switching, it also provides an XML-based management interface that addresses, among other things, quality-of-service controls. System Management Arts InCharge Service Assurance Manager uses data correlation to distinguish the causes of problems from the side effects that follow. These products work to give users time to think.

Systems can be built to deal with the unexpected, and we should demand that vendors build that essential protective ability into the things they sell. Computer and network users must do their part as well. They must learn to drive defensively and buckle up.

Read More Port Scans: