Microsoft Must Do More to Secure Systems

Written By
Henry Baltazar
Dec 10, 2001

Based on what we have seen in Windows .Net Beta 3, Microsoft is trying to make its flagship operating system more secure, but it needs to make more changes. Fundamentally, Microsoft may need to sacrifice some usability to get Windows security where it should be.

In talks with Microsoft's IIS team, we learned that they were creating lock-down tools to give IT managers an easy way to harden Web servers. However, as we have seen again and again, IT managers don't always take the steps required to protect servers from known flaws.

Microsoft can try to wash its hands of these security flaws by blaming IT managers who don't patch their servers immediately when fixes are published to the Web, but I feel the company has an obligation to ship operating systems that have tightened security by default.

During a default installation, Windows .Net allows you to create administrator accounts with blank passwords. If Microsoft's masterminds can put such an effort into creating wizard-based interfaces for signing up for MSN, why couldn't they create a simple wizard to help IT managers create and set up secure passwords?

Blank passwords are nice from an ease-of-use standpoint, but they trivialize security. In the new Windows .Net beta, Microsoft tries to harden security by preventing users from accessing servers remotely using blank passwords, but in tests at eWeek Labs, we found that this block doesn't apply to the administrator account. (For Labs' review of Windows .Net Beta 3, go to www.eweek.com/links.)

Microsoft could tighten security by limiting the number of services that are initiated automatically in default installations. It is hesitant to do this because it is afraid that application compatibility will suffer. (Applications sometimes abort installation when a required Windows service is missing or not running.) I'd rather spend a couple of minutes adding a service before installing an application than have an unnecessary service running on my servers.

Usability is important in all operating systems, but in the grand scheme of things, security and reliability should be ranked far ahead.

Senior Analyst Henry Baltazar can be reached at henry_baltazar@ziffdavis.com.
