Security Gaps Aren't All Microsoft's Fault

By John Taschek  |  Posted 2002-02-25

There are thousands of security flaws that have nothing to do with Microsoft.

Mere hours after Microsoft officially launched Visual Studio .Net, reports of a potential security flaw in the .Net compiler rolled in (see

In this case, the timing of the release is highly suspect, and the company that reported the flaw sounds like it's either out to get a little fast fame or has something against Microsoft to begin with (not that there aren't hundreds of companies that wouldn't do exactly the same thing).

Whether or not the ties are justified, Microsoft has become synonymous with security concerns. Wow! That's even worse than being associated with bugs. Just imagine if Microsoft were releasing Windows 3.0 or ME now, instead of Windows XP. It would be all over. As futurist George Gilder might say, "Checkmate!"

Of course, we'd all have a lot less software to deal with. But who knows, maybe we'd be more efficient and productive.

It troubles me, however, that Microsoft has become the poster child and whipping boy of the security industry. Microsoft may indeed have hundreds of minor security flaws to fix in addition to the big ones, such as those in IIS. Some of these problems have developed because of the shift from the single-user PC environment to the dramatically different Internet computing.

Others have developed because Microsoft took too long to evolve past its intense feature culture. The company could have caught some clues in the early 1990s when users complained loudly about feature bloat and asked for more standardized file formats.

But now Microsoft has admitted its problems with security, has become extremely proactive about flaws and currently screws up only when it tries to "Activate" its customers or attempts to automatically update their files.

It's still going to be the whipping boy. But more intelligent people will realize that the Internet is a wide-open system vulnerable to attack just because it's there. In fact, good old BIND tops SANS' list of Unix security problems, and SNMP, which made news recently, also made the top 10. There are literally thousands of security flaws that have nothing to do with Microsoft.

While these facts are not going to change anyone's perception of the company, it doesn't do anyone any good to pass blame blindly on to Microsoft.

As the director of eWEEK Labs, John manages a staff that tests and analyzes a wide range of corporate technology products. He has been instrumental in expanding eWEEK Labs' analyses into actual user environments, and has continually engineered the Labs for accurate portrayal of true enterprise infrastructures. John also writes eWEEK's 'Wide Angle' column, which challenges readers interested in enterprise products and strategies to reconsider old assumptions and think about existing IT problems in new ways. Prior to his tenure at eWEEK, which started in 1994, Taschek headed up the performance testing lab at PC/Computing magazine (now called Smart Business). Taschek got his start in IT in Washington D.C., holding various technical positions at the National Alliance of Business and the Department of Housing and Urban Development. There, he and his colleagues assisted the government office with integrating the Windows desktop operating system with HUD's legacy mainframe and mid-range servers.
