Fixing Security Flaws Isn't Just Microsoft's Responsibility
News Analysis: Microsoft gets hit hard with criticisms of its inability to adequately protect its users. But a recent study from the SANS Institute indicates users and software developers may also be at fault. It's time for IT managers and individual users to take responsibility for updating and patching all their applications and operating systems in a timely manner.
In the world of PC computing, it's fashionable to beat on Microsoft for all the security issues that have plagued the space. Whether it's Apple mocking Windows security in its "I'm a Mac, I'm a PC" ads or countless security experts performing research on all the issues facing Windows, at least some are pointing to Microsoft's OS as the culprit behind all their security problems. It's a common point of reference for those who love Macs. And it's a "go-to" for those who want to blame the spyware breakout on someone other than themselves.
But when it comes time to objectively evaluate the Windows ecosystem, a much different conclusion might find its way into the discourse. Although Microsoft is to blame for some of the Windows issues users are forced to deal with, a recent study has found that unpatched client-side apps might be providing gaping holes in Windows security that Microsoft can't even control.
According to a report from the SANS Institute, client-side software that users haven't patched has become a major problem as security companies try to battle malicious hackers. That has led to "waves of attacks" hitting PCs and impacting everyone from consumers to major enterprises, the SANS Institute contends.
"On average, major organizations take at least twice as long to patch client-side vulnerabilities as they take to patch operating system vulnerabilities," SANS reported. "In other words, the highest-priority risk is getting less attention than the lower priority risk."
Assuming what the SANS Institute has found is indeed true, it's not beyond the realm of reason to say Microsoft might not be the biggest problem in the Windows ecosystem. Granted, hackers are attacking Windows PCs because there are more of them and they are arguably easier to break into than PCs running other operating systems. But some of the culpability in security outbreaks must rest with users and IT managers who take far too long to patch their applications.
Over the past few years, Microsoft has made focusing on security a key component in its strategy. More often than not, the company is patching potential issues before they arise. And when an outbreak slips through the cracks, Microsoft has generally done a fine job of addressing those issues before they get out of hand.