Browser security is a big problem. To you and me. And particularly, to Microsoft. Now, according to folks up in Redmond (and contrary to the expectations of many) it wont release the XP SP2 security fixes for earlier browsers and versions of its operating system. The only way Microsoft says it can secure Internet Explorer is to require the use of Windows XP as the platform.
Some people will allege that this is Microsofts way of strong-arming people onto an operating system they dont want. Instead, my take is that Microsoft here is simply throwing up its hands at the problem. Why? Because even the worlds largest software maker can find the task of securing just one operating system too much to handle.
My rationale for this assumption is that Microsoft may be many things, but it isnt stupid. The downside of not securing Windows 98, in particular, is significant, both for Microsofts enterprise customers still using the almost-ancient OS as well as for the security of the Internet overall.
Despite the widely-held belief to the contrary, Microsoft is not omnipotent and is simply incapable of forcing people to move from one OS to another before they are ready. Microsoft may provide incentives, but the security features found in Windows XP Service Pack 2 may not be enough to make companies trash a bunch of perfectly good Windows 98 machines for newer hardware capable of running Windows XP.
In fact, it is probably not in Microsofts best interest to force such a move even if it could. Today, a Windows 98 machine that is orphaned because it lacks the necessary oomph to run XP SP2 can become a capable Linux box in about an hour, maybe less.
These Linux machines, plus other such retrofitted boxes, would be perfect for enterprise customers who dont specifically require Microsoft Office but need up-to-date security.
Now, I am skeptical enough of desktop Linux—which is to say totally skeptical—not to see this as a serious kink in Microsofts armor. Still, given that Microsoft takes any Linux incursions about a seriously as the North Koreans might take U.S. forces crossing the 38th parallel, youd think abandoning Windows 98, NT, and 2000 users to even the possibility of Linux installations would be something Microsoft would be loathe to do.
Meanwhile, theres also the issue of whether corporate Win 98 users actually need the SP2 fixes or whether they can be secured behind firewalls and proxy servers. If Microsoft doesnt want to secure its older operating systems, then it might do more to help enterprises secure the machines they already own using other means, such as backing third-party solutions.
This position would be well accepted by IT managers and might reduce the attractiveness of Linux even for the small number of customers keen on turning old Windows hardware into new Linux desktops.
We also must weigh the impact that insecure machines in the homes of consumers would have on the Internet overall. Fortunately, Windows XP seems to have better consumer penetration than corporate. Still, there are still many millions of Win98 machines sitting in peoples houses, connected to always-on broadband.
For the sake of everyone connected to the Internet, Microsoft ought to be doing more to secure these machines.
Be sure to add our eWEEK.com Windows news feed to your RSS newsreader or My Yahoo page