In the world of PC computing, it’s fashionable to beat on Microsoft for all the security issues that have plagued the space. Whether it’s Apple mocking Windows security in its “I’m a Mac, I’m a PC” ads or countless security experts performing research on all the issues facing Windows, at least some are pointing to Microsoft’s OS as the culprit behind all their security problems.
It’s a common point of reference for those who love Macs. And it’s a “go-to” for those who want to blame the spyware breakout on someone other than themselves.
But when it comes time to objectively evaluate the Windows ecosystem, a much different conclusion might find its way into the discourse. Although Microsoft is to blame for some of the Windows issues users are forced to deal with, a recent study has found that unpatched client-side apps might be providing gaping holes in Windows security that Microsoft can’t even control.
According to a report from the SANS Institute, client-side software that users haven’t patched has become a major problem as security companies try to battle malicious hackers. That has led to “waves of attacks” hitting PCs and impacting everyone from consumers to major enterprises, the SANS Institute contends.
“On average, major organizations take at least twice as long to patch client-side vulnerabilities as they take to patch operating system vulnerabilities,” SANS reported. “In other words, the highest-priority risk is getting less attention than the lower priority risk.”
Assuming what the SANS Institute has found is indeed true, it’s not beyond the realm of reason to say Microsoft might not be the biggest problem in the Windows ecosystem. Granted, hackers are attacking Windows PCs because there are more of them and they are arguably easier to break into than PCs running other operating systems. But some of the culpability in security outbreaks must rest with users and IT managers who take far too long to patch their applications.
Over the past few years, Microsoft has made focusing on security a key component in its strategy. More often than not, the company is patching potential issues before they arise. And when an outbreak slips through the cracks, Microsoft has generally done a fine job of addressing those issues before they get out of hand.
It’s Time to Share Responsibility for Security
Companies aren’t following suit. Although many developers haven’t been as quick to patch issues as Microsoft, those using the applications haven’t been so quick to update their software when patches are released. As the SANS Institute pointed out, it takes “major enterprises twice as long” to finally update applications as it does to install operating system updates. And in the process, they’re becoming subject to problems that have an impact on their productivity.
So while blaming Microsoft is the easy thing to do, perhaps it’s major enterprises and smaller companies that should be looking in the mirror. When security outbreaks occur or a developer releases a patch, it’s incumbent upon all companies to install those updates as soon as possible. As the SANS Institute found, that’s not happening right now.
Microsoft Still Bears Some Blame
But as much of a problem as it is that companies simply aren’t doing enough to ensure security in their operations, it’s important to remember that Microsoft is still at fault. Just because the SANS Institute found that Windows is being updated more frequently, it doesn’t necessarily mean that Microsoft is the bellwether for how companies should handle software security issues.
Microsoft needs to do much more than it is right now. For years, the company’s operating system has been a target for malicious hackers. And those hackers have had a generally easy time infiltrating Windows PCs and wreaking havoc. Although it’s debatable just how secure Mac OS X is compared with the competition, Apple has built in several features, including sandboxing, that have helped it limit outbreaks. Microsoft needs to come up with solutions of its own.
That said, Microsoft has been more upfront about security issues than it has been in the past. The company has significantly improved Windows XP’s security through Service Pack 3. Windows Vista was vastly improved with the release of Service Pack 1. Microsoft claims that Windows 7 will be its most secure operating system yet. We can all hope that that will be the case, but regardless of whether it is or not, one thing is certain: Multiple layers of security will be needed.
So it seems that the security business is tough to gauge. Although Microsoft’s operating system isn’t the only reason for problems, it is a significant contributing factor. But it’s important for us all to realize that our own actions bear some of that burden, as well.