Its Time to Share Responsibility for Security
Companies aren't following suit. Although many
developers haven't been as quick to patch issues as Microsoft, those using the
applications haven't been so quick to update their software when patches are
released. As the SANS Institute pointed out, it takes "major enterprises
twice as long" to finally update applications as it does to install
operating system updates. And in the process, they're becoming subject to
problems that have an impact on their productivity.
So while blaming Microsoft is the easy thing to do, perhaps it's major enterprises and smaller companies that should be looking in the mirror. When security outbreaks occur or a developer releases a patch, it's incumbent upon all companies to install those updates as soon as possible. As the SANS Institute found, that's not happening right now.
Microsoft still bears some blame
But as much of a problem as it is that companies simply aren't doing enough to ensure security in their operations, it's important to remember that Microsoft is still at fault. Just because the SANS Institute found that Windows is being updated more frequently, it doesn't necessarily mean that Microsoft is the bellwether for how companies should handle software security issues.
Microsoft needs to do much more than it is right now. For years, the company's operating system has been a target for malicious hackers. And those hackers have had a generally easy time infiltrating Windows PCs and wreaking havoc. Although it's debatable just how secure Mac OS X is compared with the competition, Apple has built in several features, including sandboxing, that has helped it limit outbreaks. Microsoft needs to come up with solutions of its own.
That said, Microsoft has been more upfront about security issues than it has been in the past. The company has significantly improved Windows XP's security through Service Pack 3. Windows Vista was vastly improved with the release of Service Pack 1. Microsoft claims that Windows 7 will be its most secure operating system yet. We can all hope that that will be the case, but regardless of whether it is or not, one thing is certain: Multiple layers of security will be needed.
So it seems that the security business is tough to gauge. Although Microsoft's operating system isn't the only reason for problems, it is a significant contributing factor. But it's important for us all to realize that our own actions bear some of that burden, as well.