Microsoft Still Suffers Insecurity Complex

By Jim Rapoza  |  Posted 2002-01-07 Print this article Print

Microsoft just endured one of its worst years ever when it comes to security problems, which is really saying something.

Microsoft just endured one of its worst years ever when it comes to security problems, which is really saying something. And to top things off, it ended the year with a near flood of trouble—from new viruses attacking Outlook to holes in IE 6.0 to vulnerabilities in SQL Server to a serious hole in its "most secure" operating system, Windows XP.

Whenever I bring up Microsoft security problems, someone is bound to say something like "They have the most problems because they are targeted more than anyone." There is a bit of truth in that, but the company could make life a little harder for people who are targeting it.

Instead, Microsoft—again and again—allows security to play second banana to whatever cool, new productivity feature it wants to add, no matter how much lip service it pays to improving security.

When Microsoft introduced active content in Outlook, we, along with many in the security community, said it would create a security risk. But Microsoft blew these warnings off as theoretical and, instead, touted the gains that would be made by making mail more automatically responsive. The same things were said about programming in Office documents, ActiveX in browsers and poor default configurations in IIS.

Every time, Microsoft decided to tout marginal features now and deal with the security fallout later.

Now we have a major problem in Windows XP that makes it possible for attackers to remotely take over systems. Was this a surprise?

Of course not. Every review we did brought up the potential security risks of all the remote management and automated remote features in Windows XP. But Microsoft simply responded that Windows XP is the most secure Windows operating system ever, and, hey, arent those remote features cool?

Will this change?

On the server side, Microsoft seems to be making good moves to make systems more secure by default. However, when it comes to productivity and general-use products, I think that worries about potential security risks will always be pushed aside to make way for the latest cool, new feature.

Does Microsoft sacrifice security in favor of new features? Let me know at

Jim Rapoza, Chief Technology Analyst, eWEEK.For nearly fifteen years, Jim Rapoza has evaluated products and technologies in almost every technology category for eWEEK. Mr Rapoza's current technology focus is on all categories of emerging information technology though he continues to focus on core technology areas that include: content management systems, portal applications, Web publishing tools and security. Mr. Rapoza has coordinated several evaluations at enterprise organizations, including USA Today and The Prudential, to measure the capability of products and services under real-world conditions and against real-world criteria. Jim Rapoza's award-winning weekly column, Tech Directions, delves into all areas of technologies and the challenges of managing and deploying technology today.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel