The Community for Technology Leaders

Letters to the Editor

Pages: pp. 8-9


Dear Editors,

With respect to certain security suggestions Michael Caloyannides made in his article "Online Monitoring: Security or Social Control?" (Privacy Matters, Jan./Feb. 2004), I would like to add a few comments.

On page 82 the author states, "Given the near weekly discovery of major security flaws with Microsoft's Internet Explorer, I recommend switching to Netscape or Opera immediately." First, is Netscape or Opera fully functional or compatible with Windows, or should we also switch to another operating system? This also involves certain support issues. In other words, is it easier to support Netscape than IE? Given that IE is preinstalled with Windows, there might not be sufficient reason to take it off unless it is either extremely insecure or difficult to use.

Caloyannides further recommends switching from Outlook or Outlook Express to "another email client such as Eudora." The situation is similar to the IE example. I'd also like to point out that users' preferences will likely be based on the email utility's suitability for their purposes. As we know, many organizations have deployed Microsoft Exchange Server technology, which has full integration with the Outlook client. Unless people decide not to use Exchange Server, changing to another email application could affect functionality.

The author states that users should "never open any HTML-enabled file (such as Word or Excel) while online." Yet the beauty of email is that we can send not only messages but also attachments. Although attachments can serve as security holes, the trade-off between security and convenience must be carefully evaluated. To stop opening or even to block Word or Excel attachment could significantly reduce email's value as a communication tool.

Finally, as an administrator responsible for dozens of servers, upgrading service patches, downloading, and installing software are almost routine acts. It is hard to imagine how to follow Caloyannides' recommendation to "never go online with administrator privileges, regardless of what you renamed the administrator account to," without affecting efficiency.

I agree that security is important, but usability is equally a concern. I believe that a strong (network-level) firewall together with good antivirus programs for both mail servers and desktops already provides an "optimized" solution. In addition, data backup and workstation imaging are necessary to prepare for the worst. That way, we can avoid going as far as giving up our current systems or being scared by every email attachment.

Best regards,

—Hong-Lok Li

University of British Columbia


Dear Editors,

In reading the article "Balancing Video-Game Piracy Issues" (Pam Frost Gorder, Jan./Feb. 2004), I thought that any discussion of piracy should also ask the following questions:

  • Did the author incur any actual loss? That is, would the person performing the piracy have actually paid for a legitimate copy if they hadn't been able to pirate it? I've seen some discussions that indicate that upwards of 80 percent of the instances of piracy might not have resulted in a sale if the piracy had been prevented.
  • Given this assumption, did the visibility those pirated copies provided result in greater market awareness of the product and a resulting increase in legitimate sales? If attained, were those increased sales enough to offset the remaining instances of piracy (20 percent in this example) that didn't buy because they could get it for free? Could it be said that in some cases piracy actually increases revenue?

These questions can be asked for products other than games, including music, movies, and applications. I do believe piracy is unethical, and a reasonable effort should go into preventing and discouraging it, as well as into prosecuting those who gain "benefit" from the act of piracy. That said, I also think a more balanced approach should be developed.

—Stan Bush

We welcome your views and letters

Got comments? IEEE Security & Privacy welcomes all communications from its readers, whether to comment, make a point, or express an opinion about our pages or Web site. Letters will be edited for clarity and brevity. Please send your comments to lead editor Kathy Clark-Fisher at Or you can log onto our community forum to post your views with your peers. Please visit

60 ms
(Ver 3.x)