Industry Analyst Nonsense

INDUSTRY ANALYST GROUP CrystalBall Readers, Inc. says that by the year 1980, everyone on the planet will throw away that Unix stuff and use CP/M instead! No, by the year 1985, DOS will rule the entire world! Er, by 1992, everyone will use Microsoft Windows. No, no, by 1997, Unix will be displaced by something from Redmond. Well, if not by then, it'll be by 1999! Maybe 2004. People are going to stop using Unix, trust us!

Do you know how sick I am of "computer industry analysts"? Anyone care to guess? (I'll give you a hint: it's roughly as much as I'm tired of listening to all of the Bravo-Sierra that spews from Redmond.) These yo-yos have been sitting in their little cubicles predicting the downfall of everything that makes sense for as long as I can remember. Enough!

If these guys are so smart, how come we didn't see predictions about the web? How come we didn't see them yelling years ago "Hey! The Internet better get its backbone beefed up, because it's going to get really busy soon!" Why is it that anyone believes one of these loons every time they pull a number out of the nearest orifice and say "it's going to be this much," or "this is when..."?

This really leads into a rant about what I think about IS managers who listen to these bozos instead of dreaming up and implementing cool ways to solve their companies' problems, making new ways of doing business, and bringing the power of technology to everyone's hands. But I'll link over to that one after I'm done writing it...

Someone on firewalls posted a little snippet, which really set me off.

According to IDC, the number of Internet and Intranet servers based on Windows NT "will increase more than twelve-fold in 1997 from 1995, and will overtake servers based on UNIX operating systems by 1999."

Let's see, didn't IDC also predict something like 12 quadrillion units of Winblows 95 would be sold by year end at first, only to reduce their numbers?

Who cares what IDC says? IDC is not a security organization. They are not engineers. They are in no position to tell anyone what is a Good Thing or Bad Thing for a firewall.

How useful is Windows NT if Microsoft cripples its "workstation" version to support only 10 TCP sessions (even if only by license)? NO, says Microsoft, you can't use that product, you need the $1000 copy of NT, which also includes IIS and all kinds of great and wonderful things to run on your bastion host.

`Hey! So what if there's security problems in 3.51? Patch? No patch! Upgrade to 4.0, give us an extra $500, and we'll fix that problem. No, there won't be any others. We swear. Look, our browser is secure, too!'

Every NT zealot out there needs to calm down and quit getting a stiffy every time that some suit-wearing, 8-5-working, industry-analyzing, helpdesk-calling, gobbledegook-speaking, Microsoft-worshipping ding dong says "Hey, this NT is good stuff!"

We talk about firewalls on this list, and there are plenty of reasons not to use NT for firewalls. In some organizations, they'll do it anyway, deciding that the level of risk associated with such behavior is acceptable for their organization. Others will blindly go goosestepping along to the empty sayings of mushy-headed "consultants" who pretend to know what they're talking about.

A proprietary operating system can never be a better solution than an open one where security is an issue. Without the ability to look under the hood, you forfeit the ability to see what's going on and make intelligent evaluations. And then, you're at the mercy of your vendor.

Live Free or Die.

C Matthew Curtin
Last modified: Mon Dec 8 22:45:21 EST 1997