Insurance company charges Windows NT customers more.

By ucblockhead in News
Tue Jun 05, 2001 at 04:33:51 PM EST
Tags: Security

Companies have offered "Hacker Insurance" for a couple of years now. The Wurzler Group has come up with a new innovation: different rates depending on the operating system that you choose.

The Wurzler Group is the first company offering "hacker insurance" to charge a higher premium to its customers who use Windows NT, news that is certain to add fuel to the OS wars. This is almost certainly not a matter of activism as the company claims to have hard numbers showing higher payouts to their NT customers (The company itself uses IRIX) and no mention of the differing premiums is evident on their site.

Obviously it is important not to make too much of this, as other similar companies have yet to follow suit. But with the field still in its infancy, the move may signal the beginning of some marketing difficulties for a company that prides itself on reliability.

(Those with a sense of vindication at this news should avoid feeling too complacent.)


Most secure OS
o Windows NT 8%
o Linux 9%
o FreeBSD 41%
o CPM 41%

Votes: 75

Insurance company charges Windows NT customers more. | 20 comments
Trust it to some cold-hearted bastards (4.60 / 5) (#1)
by Wah on Mon Jun 04, 2001 at 08:11:13 PM EST

to define the more reliable OS.

There's actually some interesting stuff in a couple of those links. The idea that people who work for open source companies tend to stay there 33% longer is an interesting one. I just got a job where I get to work on Linux more than MS products (although not for my desktop) and I am enjoying it much more than trying to support something I can't really fix or have to pay the creator's underlings for "top notch" support.

BTW, the company that is doing this is an 8 person firm out of somewhere not catchy enough for me to remember on one reading.
Some things, bandwidth can't buy. For everything else, there's Real Life | SSP

Makes sense (4.00 / 2) (#5)
by stuartf on Mon Jun 04, 2001 at 10:30:50 PM EST

Considering that Windows-based web servers top the defacements lists, this makes sense. Of course, those companies that hire competent NT admins should have few problems anyway.

I do wonder whether hacker insurance is such a good thing. Security is a process, not a set of fixes, and setting insurance premiums based on OS fails to take into account all the other things that affect security. I would say the skill & dedication of your admin is one of the most critical factors when it comes to security. If they can't be bothered applying security patches, they deserve to get hacked.

Disclaimer: I get paid to work with Microsoft products every day (but not by Microsoft)

OS not the issue? (5.00 / 6) (#6)
by Signal 11 on Mon Jun 04, 2001 at 11:31:30 PM EST

Is it possible that the Operating System isn't the issue, but instead the training which potential system administrators receive prior to taking over security responsibilities? I know far too many 'NT administrators' which, up until two weeks ago, had never touched an NT box, but because they 'know windows' they've been elected to the job.

By comparison, it is relatively rare still (although thanks to the rapid popularization of linux, this is changing) to find a UNIX administrator that is similarly un-clued as they have received quite a bit of experience and training prior to moving into UNIX. People don't start on UNIX, they graduate to it, and as a result, the experience-base is quite a bit more substantial than that of NT administrators.

Perhaps looking at things in a different context would help me explain this subtle but profound failing of logic by this insurance company (and by extension, almost all insurance) -

You are a member of a group. We'll say you're male. We'll also say you're from 18-25, a standard demographic. Now, if we compare that to a group of 18-25 year old females with regards to driving record, say, 1000 of each, we'll find a higher incidence of accidents amongst the male population. What we won't find out, however, is how much more likely any particular member of that group is to be in an accident. It is this flaw in logic - taking concepts which apply well to groups and applying them to individuals - that forms the basis of most forms of discrimination, including racism, sexism, and quite a few so-called 'hate crimes'. It is also the basis of insurance in general, and insurance is just as fundamentally flawed a concept as racism is, because it makes an unjustified leap of taking something which applies to the entire group and applying it to each member.

In short, while there is a correlation here, there is not a causation. This is why I believe that insurance is one of the most pervasive and active forms of discrimination in place in this society, yet nobody seems to notice. A pity they don't, a large portion of the '-isms' in this society could be eliminated if people were illuminated on this very important economic issue. But to tie it all together - it is a bold claim to make to say an OS is 'more secure' because of this, because the results are derived from a variety of (as yet not isolated) factors.

Society needs therapy. It's having
trouble accepting itself.

Yes (none / 0) (#7)
by ucblockhead on Tue Jun 05, 2001 at 01:06:34 AM EST

I am sure that you are entirely right here, as it is my impression that most security breaches are due to someone screwing up, not patching, etc., rather than a fundamental flaw in the OS.

In fact, I'm fairly convinced that Windows NT, if properly managed, is more secure than Linux. (Not FreeBSD, but Linux.) If the OS itself has a weakness, it is that it encourages ignorance on the part of the managers.

And this also opens up an entirely different issue: should an insurance company charge different rates for one OS because managers of that OS tend not to do a better job? Does the fact that one OS sees more break-ins matter?
This is k5. We're all tools - duxup
[ Parent ]

NT security (none / 0) (#14)
by starbreeze on Tue Jun 05, 2001 at 12:37:24 PM EST

Wow... You're about the first person I've ever seen agree with me. I admin an NT network. Yes I have a linux partition, but since I came here and everything had been running NT, I left it, and haven't been here long enough to think about implementing that serious of a change. Granted, if you don't properly admin NT servers and don't bother with the trillion security patches MS has provided, sure it'll be insecure. NT isn't so bad, I made a serious effort to learn everything I could about it and its security because I think that should be a definite priority, and not an afterthought like I've seen so often. I don't want to get into the OS war, like I said, I also run linux. But a poorly secured linux box can be more insecure than a default NT install.

"There's something strangely musical about noise." ~Trent Reznor
[ Parent ]

There's also the other side of the argument (none / 0) (#15)
by Wah on Tue Jun 05, 2001 at 01:29:24 PM EST

who would you rather tell your friends you've tagged, Microsoft or Linux? Or more to the point, who would you be more afraid of getting you back? I'm sure there's a lot of factors, but it is an interesting twist of economics.
Some things, bandwidth can't buy. For everything else, there's Real Life | SSP
[ Parent ]

Insurance or the alternative? (none / 0) (#18)
by SlydeRule on Wed Jun 06, 2001 at 11:59:36 AM EST

The whole point of insurance is that it spreads risk across a peer group, which does rather require that their customers be categorized into peer groups.

There is a much deeper question here, though.

The call seems to be, "I am an individual, dammit, and I demand to be judged as an individual and not as a generic member of various categories."

Are you really sure that you want that? How many of us could really withstand a fair and honest judgment of ourselves as individuals?

It has often been observed that most people consider themselves to be "above average". This statistical impossibility suggests that they would be in for an awful shock if fairly judged:

We have the results of your comprehensive tests here. They do not show that you will ever amount to anything of value to our society. In the interest of preserving the Earth's precious resources, we hereby find that you are the weakest link. Goodbye.

[ Parent ]

Another good link (none / 0) (#11)
by wiredog on Tue Jun 05, 2001 at 08:59:04 AM EST

From the March 15, 2001 Crypto-Gram by Bruce Schneier. "Businesses achieve security through insurance. They take the risks they are not willing to accept themselves, bundle them up, and pay someone else to make them go away." Some follow-up letters from his readers.

"Anything that's invented after you're 35 is against the natural order of things", Douglas Adams

NT -vs- CP/M security (3.33 / 3) (#16)
by clover_kicker on Tue Jun 05, 2001 at 01:59:48 PM EST

Someone wrote a comparison between NT and CP/M, you can find it at http://www.oualline.com/col/cpm.html. It's worth a chuckle, maybe two.
I am the very model of a K5 personality.
I intersperse obscenity with tedious banality.

Yep :-) (none / 0) (#17)
by ucblockhead on Tue Jun 05, 2001 at 03:37:40 PM EST

Yeah, that's why the "CP/M" option is there. (Though I forgot the slash, bad bad!)

"CP/M" isn't a "Joke" option. It's the right answer!
This is k5. We're all tools - duxup
[ Parent ]

That's pretty good... (none / 0) (#20)
by juln on Thu Jun 07, 2001 at 11:21:28 AM EST

Where can I get one of those CP/M systems? It actually sounds pretty attractive.
CP/M migration is going to be a hot topic this year.

[ Parent ]

As Expected (1.33 / 3) (#19)
by hodeestrawsa on Wed Jun 06, 2001 at 05:06:17 PM EST

Just what you'd expect from the Linux geekboy set here at the kuro5hin home for slashdot rejects. Those of us who know something about business know exactly what is going on. A mediocre insurance company looking for free press drops a troll at slashdot's feet, and they buy it hook, line and sinker.

(That kuro5hin follows suit should come as no surprise. Slashdot's little lapdog follows wherever it leads, loudly proclaiming its loudly and proudly as its chain is yanked.)

The guys at Wurzler ain't stupid. They make sure no mention is made of these supposedly varying rates in any press release on their site. They don't want the corporate clients, the ones with brains, to notice their troll. They just drop it into the right geekboy inbox, looking to add some of the more foolish clients to their roster. It never hurts to have stupid clients. Assuming that they have clients.

You have to hand it to the marketing department at Wurzler. Like all great trolls, this has an element of truth to it. Hackers do like to target Windows systems. But it is clear to anyone who is paid real money to be in this business that hackers target Windows because all the important corporate sites run Windows. (With a few minor exceptions. It takes a while for some fools to get a clue.) If enough people bang on something, one of them is going to find a hole. With more people banging on Windows, more holes are found.


Giving fools a clue, free of charge.

