Microsoft Security Foundation is Cracked

By Jim Rapoza  |  Posted 2003-08-18 Print this article Print
The Blaster worm has caused (and likely will continue to cause) a lot of hassles for Windows users and network administrators. Its payload was relatively benign, since it wasnt designed to destroy data or PCs, but it did destroy something—Microsofts Trustworthy Computing initiative.

Trustworthy Computing has been on its last legs for a while, pummeled again and again by exploits of holes in Microsoft products, but Blaster has delivered the final, killing blow.

Im not attacking Microsofts coding prowess or the sincerity of the Trustworthy Computing initiative. In fact, since the inception of Trustworthy Computing, the code coming from Microsoft has been, for the most part, much better and clearly designed with security in mind. But that isnt enough.

If Im building a house, it doesnt matter if I use safer building procedures for the upper floors if the foundation is old and unstable. And thats the problem here: The Windows code base that is Microsofts biggest advantage competitively is also its biggest hurdle when it comes to building secure products.

The code that has been passed on from Windows NT to Windows Server 2003 is just too old, too big and too interconnected to ever fully secure.

Theres only one way the Trustworthy Computing initiative could work, and thats to build a new operating system from the ground up, with no legacy Windows code whatsoever. But thats probably not going to happen.

Discuss this in the eWEEK forum.
Jim Rapoza, Chief Technology Analyst, eWEEK.For nearly fifteen years, Jim Rapoza has evaluated products and technologies in almost every technology category for eWEEK. Mr Rapoza's current technology focus is on all categories of emerging information technology though he continues to focus on core technology areas that include: content management systems, portal applications, Web publishing tools and security. Mr. Rapoza has coordinated several evaluations at enterprise organizations, including USA Today and The Prudential, to measure the capability of products and services under real-world conditions and against real-world criteria. Jim Rapoza's award-winning weekly column, Tech Directions, delves into all areas of technologies and the challenges of managing and deploying technology today.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel