It’s a Wonder We Get Any Work Done
It was with some trepidation that I started a new ASP.NET project in Visual Studio 2005. I had already spent three hours earlier that morning cleansing errant viruses and tracking cookies off of my system, and now I was going to start IIS and open a port through my firewall and router to the outside world.
But I had been meaning to investigate development using Microsoft Virtual Earth since I sat in on a lunchtime session on the topic at TechEd in June. And I convinced colleaguePatrick Meader that an article on the technology would be a great contribution to Visual Studio magazine. So I pressed on, making remarkable progress and writing a couple of simple map applications in less than a day.
I suspect I'm like most people when it comes to system protection. I have a subscription to a comprehensive virus checker, and I mostly curse it for getting in the way. For example, my McAfee seems to either block or take an inordinate amount of time scanning outgoing mail, so I have to turn off that particular feature to send any mail. But mostly I deal with the hassles, including much too frequent upgrade and special deal pop-ups, because I have a vague sense that it is good for me.
I use Windows XP Firewall, and also depend on my router to deflect any attack based on my IP address. I don't visit questionable sites and don't (voluntarily) download software that I don't know. In other words, I'm not particularly attentive, but I don't do stupid things.
Yet still I had to spend several hours cleaning my system. Of course, by working on a Virtual Earth application using the Virtual Earth Map Control and ASP.NET, I had to turn on IIS and open a port to the Internet. I regret to say that by the end of the day I once again started getting suspicious messages from McAfee, indicating still more viruses and tracking cookies. These messages will almost certainly lead to another round of cleaning over the weekend.
Enterprise developers often have to operate under a lot of restrictions. In some cases, they cannot even be local system administrators for their own development systems. In all cases, they have to perform regular virus scans and comply with enterprise and IT restrictions on Internet access.
These restrictions make it difficult to write services applications such as the type that Virtual Earth enables with ease. You have to be as diligent at keeping your system clean and satisfying corporate mandates as you do at writing quality code.
Some developers are able to approach system security with the same mindset that they do writing code, and it becomes a part of the normal work routine. Even then, it is a drain on software development productivity.
I don't code enough to have that approach. For me, and I'm sure for others, it is just a time-consuming chore undertaking only when necessary. But the cost of both illegitimate and technically-legal-but-shady intrusions (like Microsoft's Genuine Windows Advantage) take an enormous toll on our ability to do our jobs.
Posted by Peter Varhol on 08/26/2006