Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Development
    • IT Management

    Fixing Security Flaws Isn’t Just Microsoft’s Responsibility

    By
    Don Reisinger
    -
    September 16, 2009
    Share
    Facebook
    Twitter
    Linkedin

      In the world of PC computing, it’s fashionable to beat on Microsoft for all the security issues that have plagued the space. Whether it’s Apple mocking Windows security in its “I’m a Mac, I’m a PC” ads or countless security experts performing research on all the issues facing Windows, at least some are pointing to Microsoft’s OS as the culprit behind all their security problems.

      It’s a common point of reference for those who love Macs. And it’s a “go-to” for those who want to blame the spyware breakout on someone other than themselves.
      But when it comes time to objectively evaluate the Windows ecosystem, a much different conclusion might find its way into the discourse. Although Microsoft is to blame for some of the Windows issues users are forced to deal with, a recent study has found that unpatched client-side apps might be providing gaping holes in Windows security that Microsoft can’t even control.
      According to a report from the SANS Institute, client-side software that users haven’t patched has become a major problem as security companies try to battle malicious hackers. That has led to “waves of attacks” hitting PCs and impacting everyone from consumers to major enterprises, the SANS Institute contends.
      “On average, major organizations take at least twice as long to patch client-side vulnerabilities as they take to patch operating system vulnerabilities,” SANS reported. “In other words, the highest-priority risk is getting less attention than the lower priority risk.”
      Assuming what the SANS Institute has found is indeed true, it’s not beyond the realm of reason to say Microsoft might not be the biggest problem in the Windows ecosystem. Granted, hackers are attacking Windows PCs because there are more of them and they are arguably easier to break into than PCs running other operating systems. But some of the culpability in security outbreaks must rest with users and IT managers who take far too long to patch their applications.
      Over the past few years, Microsoft has made focusing on security a key component in its strategy. More often than not, the company is patching potential issues before they arise. And when an outbreak slips through the cracks, Microsoft has generally done a fine job of addressing those issues before they get out of hand.

      Its Time to Share Responsibility for Security

      Companies aren’t following suit. Although many developers haven’t been as quick to patch issues as Microsoft, those using the applications haven’t been so quick to update their software when patches are released. As the SANS Institute pointed out, it takes “major enterprises twice as long” to finally update applications as it does to install operating system updates. And in the process, they’re becoming subject to problems that have an impact on their productivity.
      So while blaming Microsoft is the easy thing to do, perhaps it’s major enterprises and smaller companies that should be looking in the mirror. When security outbreaks occur or a developer releases a patch, it’s incumbent upon all companies to install those updates as soon as possible. As the SANS Institute found, that’s not happening right now.
      Microsoft still bears some blame
      But as much of a problem as it is that companies simply aren’t doing enough to ensure security in their operations, it’s important to remember that Microsoft is still at fault. Just because the SANS Institute found that Windows is being updated more frequently, it doesn’t necessarily mean that Microsoft is the bellwether for how companies should handle software security issues.
      Microsoft needs to do much more than it is right now. For years, the company’s operating system has been a target for malicious hackers. And those hackers have had a generally easy time infiltrating Windows PCs and wreaking havoc. Although it’s debatable just how secure Mac OS X is compared with the competition, Apple has built in several features, including sandboxing, that has helped it limit outbreaks. Microsoft needs to come up with solutions of its own.
      That said, Microsoft has been more upfront about security issues than it has been in the past. The company has significantly improved Windows XP’s security through Service Pack 3. Windows Vista was vastly improved with the release of Service Pack 1. Microsoft claims that Windows 7 will be its most secure operating system yet. We can all hope that that will be the case, but regardless of whether it is or not, one thing is certain: Multiple layers of security will be needed.
      So it seems that the security business is tough to gauge. Although Microsoft’s operating system isn’t the only reason for problems, it is a significant contributing factor. But it’s important for us all to realize that our own actions bear some of that burden, as well.

      Don Reisinger
      Don Reisinger is a longtime freelance contributor to several technology and business publications. Over his career, Don has written about everything from geek-friendly gadgetry to issues of privacy and data security. He became an eWEEK contributor in 2009 producing slide shows focusing on the top news stories of the day. When he's not writing, Don is typically found fixing computers or playing an old-school video game.

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×