Security Gaps Arent All Microsofts Fault

Mere hours after Microsoft officially launched visual Studio .Net, reports of a potential security flaw in the .Net compiler rolled in (see www.eweek.com/links).

In this case, the timing of the release is highly suspect, and the company that reported the flaw sounds like its either out to get a little fast fame or has something against Microsoft to begin with (not that there arent hundreds of companies that wouldnt do exactly the same thing).

Whether or not the ties are justified, Microsoft has become synonymous with security concerns. Wow! Thats even worse than being associated with bugs. Just imagine if Microsoft were releasing Windows 3.0 or ME now, instead of Windows XP. It would be all over. As futurist George Gilder might say, “Checkmate!”

Of course, wed all have a lot less software to deal with. But who knows, maybe wed be more efficient and productive.

It troubles me, however, that Microsoft has become the poster child and whipping boy of the security industry. Microsoft may indeed have hundreds of minor security flaws to fix in addition to the big ones, such as those in IIS. Some of these problems have developed because of the shift from the single-user PC environment to the dramatically different Internet computing.

Others have developed because Microsoft took too long to evolve past its intense feature culture. The company could have caught some clues in the early 1990s when users complained loudly of feature bloat and more standardized file formats.

But now Microsoft has admitted its problems with security, has become extremely proactive about flaws and currently screws up only when it tries to “Activate” its customers or attempts to automatically update their files.

Its still going to be the whipping boy. But more intelligent people will realize that the Internet is a wide-open system vulnerable to attack just because its there. In fact, good old BIND tops SANS list of Unix security problems, and SNMP, which made news recently, also made the top 10. There are literally thousands of security flaws that have nothing to do with Microsoft.

While these facts are not going to change anyones perception of the company, it doesnt do anyone any good to pass blame blindly on to Microsoft.