Conclusion
SSH provided superior security while maintaining current functionality. SSH’s acceptance is demonstrated by the fact that installing SSH as an alternative to telnet is now widely considered to be a minimal security practice. The removal of telnet clients is now seen as a best practice [Fenzi, 2002], and this view has further increased the adoption of SSH.
Similar technologies such as secure file transfer protocols provide similar benefits but have not achieved nearly the same level of acceptance as SSH. We have performed an economic analysis to determine why telnet has been largely supplanted by SSH but FTP remains widely used. The consequences of a security breach exploiting clear text passwords are far-reaching: the entire system is placed at risk. In many cases the risks posed by telnet and FTP were the same, but the perception of the costs to change obviously differs. An organization that provides shell accounts is likely to have an interest in the integrity of user data that extends beyond concerns for reputation and liability alone, and is also likely to be more willing to accept the difficulties and costs of the switch. How, and more importantly why, does the market view one security solution as achievable and yet ignore the other? We have attempted to find lessons to be learned about the tradeoffs that are made, and how the secure option can be made more attractive. We have shown that network externalities, usually a first order effect, were not a significant factor impeding the adoption of SSH, and that SSH offered equivalent functionality and greater ease of use. These factors were the primary consideration in the willingness to change. Additionally, we believe the openness of the standard, which facilitated the creation of numerous compatible implementations, was a key element in the economic decision made by system administrators.
How and why did SSH succeed despite the existence of an entrenched legacy tool, while similar technologies such as secure file transfer protocols have been far less successful?
References
Daniel Barrett and Richard E. Silverman, SSH, the Secure Shell: The Definitive Guide, USA: O’Reilly & Associates, (2001).
Daniel Barrett and Richard E. Silverman, SSH Frequently Asked Questions, (Oct. 2000), http://www.snailbook.com/faq/restricted-scp.auto.html
Louis Bertrand, “How SSH was freed”, Daemon News (Dec. 1999), http://www.daemonnews.org/199912/openSSH.html
cPanel, Inc., cPanel, http://www.cpanel.net
Kevin Fenzi and Dave Wreski. “Linux Security HOWTO”, (June 2002), http://www.tldp.org/HOWTO/Security-HOWTO/index.html
Google, Inc. “Google Directory: SSH Clients”, (2003), http://directory.google.com/Top/Computers/Security/Products_and_Tools/Cryptography/SSH/Clients/
Brian Hatch, “Greasing the Squeaky Wheels”, IT World.com, (September 2002), http://www.itworld.com/nl/lnx_sec/09172002/
Jupitermedia Corporation, List of Web Hosts, (2004), http://webhosts.thelist.com/
Michael L. Katz and Carl Shapiro, “Systems Competition and Network Effects”, The Journal of Economic Perspectives, Vol 8, (Spring 1994).
David Larochelle and Nicholas Rosasco, Towards a Model of the Costs of Security, (May 2003), http://www.cs.virginia.edu/larochelle/securitycosts
Damien Miller, SSH tips, tricks, and protocol tutorial, (August 2002), http://www.mindrot.org/R~djm/auug2002/ssh-tutorial.pdf
Jason Moore, personal communication, (February 2001).
Carl Shapiro and Hal R. Varian, Information Rules: a Strategic Guide to the Network Economy, Harvard Business School Press, (1999).
Clifford Stoll, The Cuckoo’s Egg: Tracking a Spy through the Maze of Computer Espionage, New York: Doubleday, (1989).
WebHostingRank.com, Web Hosting directory list guide, http://www.webhostingrank.com/cgi-bin/search/basic.cgi statistics listed as of January 2004.
Tatu Ylönen, Usenet posting of the SSH release announcement, (July 1995), message archived at http://groups.google.com/groups?hl=en&lr=&ie=UTF-Uselm=YLO.95Jull2234021%40shadows.cs.hut.fi
Copyright information
© 2004 Springer Science + Business Media, Inc.
About this chapter
Cite this chapter
Rosasco, N., Larochelle, D. (2004). How and Why More Secure Technologies Succeed in Legacy Markets. In: Camp, L.J., Lewis, S. (eds) Economics of Information Security. Advances in Information Security, vol 12. Springer, Boston, MA. https://doi.org/10.1007/1-4020-8090-5_18
DOI: https://doi.org/10.1007/1-4020-8090-5_18
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4020-8089-0
Online ISBN: 978-1-4020-8090-6
eBook Packages: Springer Book Archive