Call for 'responsible' Coding
March 2003
Careless programmers need to be less like fighter pilots and more like responsible pilots, argues technology analyst Bill Thompson.
Anyone running Microsoft Windows 2000 will have been invited to install yet another security patch this week as the company's automatic update software struggles to tell users about a hole in a core Windows component.
The problem, with one of the dynamic link libraries that Windows uses to provide web services, is potentially serious because it could allow an attacker to take over a user's computer.
There are already programs available to make an attacker's job easier, which strongly implies that this problem was discovered some time ago by people who decided to use it to take over other people's computers rather than report it to Microsoft.
Now that the fix is available and being installed, the number of vulnerable computers will fall, although our experience with the SQL Slammer worm showed that many users and systems administrators seem to disregard security advice and leave their systems unpatched.
Even so, there will be more security alerts in the next few days, if history is any guide, and more holes for attackers to crawl through.
And they will not just be in Microsoft software: recent security scares have featured the Oracle database management system, the Domino web server and Sun's Solaris operating system.
Nor will they only be in commercially produced software where the source code is not available to check.
Coding insecurities
Many of the biggest and most important open source projects, from Sendmail to the Linux operating system kernel itself, have had their own security alerts recently.
Even Opera, the browser of choice for those who do not trust Microsoft's Internet Explorer because of its history of security problems, has its own bugs and required a patch only two weeks ago.
The real issue is not about a particular company, or a particular program, or a particular way of developing software.
It is about the increasingly irrational decision that many programmers make to write their code in programming languages which are inherently insecure.
Most of the bugs that we have seen, including the recent Opera, Windows 2000 and Sendmail problems, have the same underlying cause. The program has been written so that an attacker can send it data in such a way that it overwrites some of its own data storage and crashes.
These so-called buffer overflow vulnerabilities are not common when you consider the millions of lines of code that make up a typical computer system.
But they are there because so many of our key programs are written in languages like C which leave the programmer responsible for ensuring that data is properly checked and buffers are properly managed.
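To make the point concrete, here is an added example (not code from the column or from any of the products it mentions) of the C pattern behind the bugs described above, placed beside a bounded version. The buffer size, the function names and the sample inputs are all constructed for illustration: the unchecked copy trusts the caller to have sized the destination, while the checked copy carries the size with the pointer and refuses input that does not fit.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Fixed-size storage of the kind the column describes: in C the caller is
   responsible for keeping copied data inside these 16 bytes. */
#define NAME_LEN 16

/* The pattern behind the buffer overflows mentioned above. strcpy() copies
   until it finds the terminating NUL in src; if src is longer than the
   destination buffer, the bytes past the end land on whatever happens to
   sit next to it in memory. Nothing in the language stops this. */
void copy_name_unchecked(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Hardened form: the destination size travels with the pointer, and input
   that does not fit (terminator included) is rejected outright rather than
   truncated, so the caller can report the bad input instead of silently
   continuing with a mangled value. */
bool copy_name_checked(char *dst, size_t dst_size, const char *src)
{
    size_t n = strlen(src);
    if (dst_size == 0 || n >= dst_size) {
        return false;           /* would not fit: refuse */
    }
    memcpy(dst, src, n + 1);    /* n bytes plus the terminator */
    return true;
}

/* Demonstration helper: 1 if src was accepted into a NAME_LEN buffer by
   the checked copy, 0 if it was rejected. */
int accept_name(const char *src)
{
    char buf[NAME_LEN];
    return copy_name_checked(buf, sizeof buf, src) ? 1 : 0;
}

/* How many bytes the unchecked copy writes for src (the string plus its
   NUL); the destination must hold at least this many. */
size_t bytes_unchecked_copy_writes(const char *src)
{
    return strlen(src) + 1;
}

/* For input that fits, both copies behave the same; the difference only
   appears when it does not. Returns 1 if a short copy round-trips. */
int unchecked_copy_of_fitting_input_ok(void)
{
    char buf[NAME_LEN];
    copy_name_unchecked(buf, "alice");
    return strcmp(buf, "alice") == 0;
}

int main(void)
{
    /* constructed sample inputs */
    const char *inputs[] = {
        "alice",                        /* fits comfortably */
        "123456789012345",              /* 15 chars + NUL = exactly 16 */
        "1234567890123456",             /* 16 chars + NUL = 17: one too many */
        "a-much-longer-name-than-the-buffer-can-hold",
    };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        printf("%-45s unchecked copy writes %2zu bytes into %d; checked copy %s\n",
               inputs[i], bytes_unchecked_copy_writes(inputs[i]), NAME_LEN,
               accept_name(inputs[i]) ? "accepts" : "rejects");
    }
    return 0;
}
```

The check is deliberately `n >= dst_size` rather than `n > dst_size`: the terminating NUL needs its own byte, so a 16-character string does not fit in a 16-byte buffer. Rejecting rather than truncating keeps the "data is properly checked" decision visible at the point where untrusted input enters.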
Jon Lasser, a security consultant from the US, thinks that too many of today's programmers see themselves as like fighter pilots, taking their systems to the limit.
Instead, he argues, they need to act more like commercial pilots who have to behave responsibly and consider passenger safety.
The first step to safety is to choose a tool that allows you to do the job properly and without too much risk.
Sure, I can get a screw into a piece of wood using a hammer, but the result is neither as elegant nor as secure as it would be if I used a screwdriver.
I first learned to program in a language that makes C look safe and secure - it is called BCPL and I recommend it only to the brave.
I now write in PHP and hack other people's Perl, but I am not writing safety-critical software.
In this connected world, where fewer and fewer of our computers are completely isolated from the network, responsible programming is becoming more and more important.
We will never eliminate bugs and security holes completely, but we can certainly improve on today's awful state of affairs.
Just as drink-driving has become socially unacceptable as well as being illegal, maybe we need to exert pressure on programmers to stay away from the tools and languages that allow them to make stupid mistakes, and refuse to use tools which have been developed without due care.
I can see the posters now: "Don't code in C: You know it makes sense!"