-------- Original Message --------
Subject: Insurer Considers Microsoft NT High-Risk - ZDNet Discussion Zaplet
Date: Tue, 29 May 2001 08:44:45 -0700
From: "smitty" <76543a@mpinet.net>
Reply-To: "smitty" <76543a@mpinet.net>
To: 76543a@mpinet.net

Insurer Considers Microsoft NT High-Risk

By Robert Bryce, Interactive Week
May 28, 2001 2:45 AM PT

Microsoft's server software is easy to install, loaded with features and fairly reliable. It may also be more costly to insure against hack attacks.

J.S. Wurzler Underwriting Managers, one of the first companies to offer hacker insurance, has begun charging its clients 5 percent to 15 percent more if they use Microsoft's Windows NT software in their Internet operations. Although several larger insurers said they won't increase their NT-related premiums, Wurzler's announcement indicates growing frustration with the ongoing discoveries of vulnerabilities in Microsoft's products.

Some industry observers believe other insurers may follow Wurzler's lead, which could affect the overall hacker insurance market, a sector that the Insurance Information Institute estimates may generate $2.5 billion in annual premiums by 2005.

"We saw that our NT-based clients were having more downtime" due to hacking, says John Wurzler, founder and CEO of the Michigan company, which has been selling hacker insurance since 1998.

Wurzler said the decision to charge higher premiums was not mandated by the syndicates affiliated with Lloyd's of London that underwrite the insurance he sells. Instead, the move was based on findings from 400 security assessments that his firm has done on small and midsize businesses over the past three years.

Wurzler found that system administrators working on open source systems tend to be better trained and stay with their employers longer than those at firms using Windows software, where turnover can exceed 33 percent per year.

That turnover contributes to another problem: System administrators are not implementing all the patches that have been issued for Windows NT, Wurzler said.

According to Microsoft's Web site, more than 50 vulnerabilities - and the patches to fix them - have been issued for Windows NT server software since June 1998.

Microsoft spokesman Jim Desler said the hacker insurance market is still too young to declare Wurzler's move a trend. "There's not enough history or business to draw conclusions about rate-setting practices," Desler said. As the market matures, rates are likely to be based on best practices, rather than on platforms or products, he predicted. "We provide unparalleled support in the area of security."

American International Group, the country's largest insurance underwriter, said it will not raise its rates for Windows NT-based systems. Nor will Aon, the world's second largest insurance broker. The use of NT is "just one factor in the overall assessment of risks. It can be an indicator of other vulnerabilities, but you may also have other things in place to counter that, like firewalls and intrusion-detection systems," said Kevin Kalinich, a director in Aon's technology and telecommunications group.

However, Harry Croydon, CEO of Safeonline, a London risk analysis firm that works with underwriters at Lloyd's, predicted that Wurzler's decision to charge more for Windows NT machines is "a trend we will see increasing." Just as drivers who own rare cars pay more to insure them, Croydon said, "certain types of software expose you to different risks."

Although Wurzler's company is small - eight employees - digital security firms are watching it closely. Bruce Schneier, Counterpane Internet Security's co-founder and chief technical officer, said it makes sense for underwriters to differentiate premiums based on the type of software and hardware that's used. "Insurance companies are looking to manage their risk effectively. If there's a technology that reduces risk, they'll charge lower premiums," Schneier said.

Indeed, several insurers offer discounts to clients that use managed security service providers or put certain security devices on their networks. For example, last week, AIG said it will cut premiums up to 10 percent for clients that use a new security device made by Invicta Networks, a Virginia company headed by Victor Sheymov, a former KGB agent. Invicta claims its device, which uses an Internet Protocol address-shifting technology, is impossible to hack.

Windows-based servers are frequently victimized by hackers. From August 1999 to November 2000, 56 percent of all the successful, documented hack attacks occurred on systems using Microsoft server software, according to statistics posted at Attrition.org, a Web site that records hackers' exploits.

Given Windows NT's record, Gene Spafford, the director of Purdue University's Center for Education and Research in Information Assurance and Security, believes higher insurance premiums may be justified. "NT is more difficult to install correctly and keep up to date than Linux," Spafford said.

Right now, it appears that Wurzler is going it alone among insurers by charging higher premiums to Windows NT users. But Wurzler said the higher prices are not costing his company customers.

A policy covering revenue lost due to hacking costs about $4,000 per year for each $1 million in coverage, he said.

About half of his clients use Windows NT, Wurzler said; the rest use Linux or Unix. Given that breakdown, he said it's easy to justify higher rates for NT machines. "Why should a Unix player with fewer vulnerabilities subsidize NT users?" Wurzler asked.

And Wurzler's not through with Microsoft. He said his firm is looking at vulnerabilities in Microsoft's Internet Information Server software, and that it may soon begin charging higher premiums for that product, too.

This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:21:04 EDT