Baltimore Sun: Microsoft’s miserable record of writing insecure software + monopoly = danger

“Critics say that Microsoft operating systems and software are so dominant on the desktop, and so prevalent in the back-end world of servers and business systems, that viruses, worms and other attacks can spread far more quickly and cause more widespread disruption than they would if the world of computing were more diverse. In other words, the dominance of Microsoft Windows has created a dangerous digital monoculture,” Mike Himowitz reports for The Baltimore Sun.

Himowitz reports, “Although computer scientists have grumbled about this for years, the issue bubbled into the public consciousness in September, when a group of security experts, backed by the Computer & Communications Industry Association, issued a report warning that the growth of the Internet and Microsoft’s hegemony (including its dominance on government desktops) posed a threat to national security.”

“This was particularly troublesome, they said, in light of Microsoft’s miserable record of writing insecure software – and its frequent security patches, which corporate and individual users may or may not learn about or bother to install,” Himowitz reports. “To be fair, the authors of the report and the trade group that backed them are longtime critics of Microsoft’s monopoly. But their conclusions ring true. Just look how fast worms and viruses such as MyDoom, Bagle.a, Sobig, MsBlast and other recent invaders that target flaws in Windows have spread. That’s a testament to the danger of a monoculture.”

So far, so good, but Himowitz is about to lose his mind – and his credibility…

Himowitz reports, “What’s the solution? To critics, it would be a more “biodiverse” computing environment, with a better mixture of operating systems and software. But what are the chances of that? The only alternatives are the Apple’s Macintosh operating system, and Linux or other variants of Unix.”

“Experts say both are more secure than Windows, but neither is perfect. Nor are any alternatives close to Windows in market penetration. Apple has less than 5 percent of the PC market, while Linux – popular for Web servers and other back-end systems – isn’t a factor in the consumer world. It’s hard to imagine a scenario in which either would threaten Microsoft’s share of the desktop market,” Himowitz reports. “Also, their relative safety lies in their obscurity. After all, who wants to write a virus for 5 percent of the market? If either were to make considerable inroads with users, it would generate far more interest among hackers, worm and virus writers than either has – and undoubtedly prove far less secure.”

[MacDailyNews: Bzzzzt. Please try again:
Is Mac OS X really inherently more secure than Windows? – August 26, 2003
BusinessWeek’s Haddad gets it wrong; thinks low market share spares Macs from viruses – August 28, 2003
Shattering the Mac OS X ‘security through obscurity’ myth – August 28, 2003
Fortune columnist: ‘get a Mac’ to thwart viruses; right answer for the wrong reasons – September 02, 2003
New York Times: Mac OS X ‘much more secure than Windows XP’ – September 18, 2003
Columnist tries the ‘security through obscurity’ myth to defend Windows vs. Macs on virus front – October 1, 2003
Gates: Windows ‘by far the most secure’ system; tries to use ‘Mac OS X secure through obscurity’ myth – January 27, 2004
Mac OS X has no viruses; what’s wrong with Windows? – February 11, 2004]

Himowitz writes, “Nor are most customers likely to set up digitally biodiverse environments solely for security. A mixed bag of Windows, Mac and Linux machines might be harder to put out of business, but from a management standpoint, it’s a nightmare to maintain and support. Ditto for home users. Do you want three kinds of computers with incompatible software and different user interfaces, in your house?”

[MDN Questions: How about just getting three Macs instead? And since Macs require so much less support, wouldn’t it be easier if you replaced a third of your buggy Windows boxes with Mac OS X machines? Why doesn’t Himowitz make the logical leap? You can do without Windows, Mike. Do not be afraid.]

Full article here.

24 Comments

  1. The security through obscurity has a small kernal of truth to it. It is just over emphasized and used as an excuse too much by windoze apologists. The Mac is undoubtedly more secure and with recent competitive prices a viable alternative for businesses. Especially when you consider the cost savings you can make up through lower maintenance. It is hard to call this guy dead wrong. He is just skewed a bit and puts too much emphasis on areas where it doesn’t belong.

  2. Windows viruses, worms, exploits = 80,000+.
    Mac OS X viruses, worms, exploits = 0.

    Security through obscurity is a false premise. Mac OS X is in use by 10,000,000+ installations. There should be SOME virus issues. There are NONE.

  3. Know a friend who used to work for a Research facility (one of the largest in the country) and they pretty much ran all 3 platforms in the same LAN and others were isolated for specialty & workload reasons. It has been done…therefore it can be done. I would think with a facility like that you NEED all 3 platforms. There were rocket scientists, scientists of all kinds, biologists of all kinds, chemists of all kinds, the list goes on and on…

    Some people just dont want to do it…I think they are just lazy or dont want to admit it can be done. People like that stifle innovation and the progress of mankind.

  4. I agree Fred. OS X is more secure. But Apple only having like 5 percent of the market also makes it a smaller target (just to be fair). That is why I said there was a small kernal (and kernals are tiny to begin with) of accuracy in saying this situation has an effect. You are right tho, there should at least be a few measly viruses for OS X if obscurity was its only protection.

    An interesting theory that I have heard though is that to write a virus for an OS you have to know the system. Any virii writer deciding to write a Mac virus would therefore have to use one and get to know it. As we all know, if you use a Mac you fall in love with it. Result – an automatic short circuit of the will to write such a virus. Getting to know a windoze system, however, would just make you want to write that virus more!!!

  5. interesting… he tries to make his point valid yet does he have the right number when it comes to the computer market?
    Is 5% still the share given to Apple nowadays? Or is it the pathetic excuse most windows user had in the 90s? Do we have valid numbers to prove otherwise?
    His article is interesting, yet he misses the logic to back his ideas. – He is blasting on something that he keeps on using. A bit like a farm chicken who shits where she eats.
    Peace.

  6. If security is obtained through obscurity then way was there a set of viruses for the Classic MAC OS? It was also obscure based on the old shibboleth “market share”. Also, the vast majority of servers run various UNIX versions, yet we hear no daily litany of attacks on them.

    There is no getting around the fact: Windows is a piece of Swiss cheese and Mac OS X by comparison is Fort Knox.

  7. Careful, Jack. Your attempting to be reasonable. That doesn’t go over very well, here. These fanatics believe that, since there hasn’t been a virus on OS X, that security through obscurity is a myth. Don’t ask my how the premise leads to that conclusion; I’m not foaming at the mouth.

  8. “… Microsoft’s miserable record of writing insecure software…”

    I completely DISAGREE!!! Microsoft has an excellent record of writing insecure software; they are one of the best producers of insecure software anywhere!! If I needed insecure software for my company, Microsoft would be my company of choice. There are no others that even come close! They have my vote!!

  9. I agree with Jack. Security through obscurity, is not a false premise/theory, it just does not apply in this case. The Mac OS is more secure.

    However on the other hand it would be very easy to write an applescript or a shell script that can be emailed, and when double clicked would start to delete data in your user folder, (mail itself to others in your address book, etc.)…isn’t that a virus? The only two differences (from Windoze) being: 1) that I could not write such a script that would effect other users folders, or the Mac OS system itself, unless I was lucky enough to hit a user running in root; and 2) the script could not self install/execute like it does in Windows.

    This second reason is key to automatic and rapid proliferation of viruses. Windows was designed from the ground up to allow this automation (since it was just to damn complicated for M$ to allow the user to do it themselves!), and thus, Windows in its present form is not fixable. Windows was never built for networks, or at least secure networks.

    zac

  10. Kenny, that’s pure BS. Sure, some of the guys here get a bit emotional now. But what I have seen here is people objecting to STO as an excuse for M$’ poor performance, as in “oh, if 90% were macs they’d have just as many problems”.
    Of course the smaller user base plays a role. The type of user also plays its part. All the pathetic little script-kiddy sociopaths use windows. They’re the ones who couldn’t cut it as real class A hackers. They’re the wannabe l33ts with nothing better to do between playing quake 3 and l33ching pr0n.
    Compromising security used to be a bit of an art form. Hackers sized their egos based on the severity of the task they succeeded in. These guys didn’t just issue slight modifications of known worms that exploit publicly known holes. They often found the holes in the first place. The bunch of losers that are in the trade nowadays aren’t very intelligent and obviously don’t have much pride, and they most certainly aren’t part of the mac user base. They go with the “easy” system that everyone else has. If they had the skills to create an OS X virus they would be at it in a heartbeat. But it’s just too hard. They’d have to find a hole (one enabled by default for any serious effect) and somehow get the user to supply the admin password, and to accomplish any of this they’d have to spend considerable time using the mac. It would be the same if the mac had 50% market share. The script kiddies aren’t interested. They’re not the hackers of old that thrive on the challenge. They’re just pathetic little vandals who are too cowardly to go out at night and vandalise physical property.
    If they’d try on the mac they’d end up creating shitty techno in Garageband or they’d just give up after an hour of AppleScript and go back to the system that was built exclusively for them – Windows!

  11. I agree with Aryugaetu… when I hear the words “insecure software”, my mind immediately thinks “MICROSOFT”. You don’t get that sort of brand recognition by being miserable at writing insecure software…

    …and as it has been pointed out before, OS X does have a virus: Virtual PC!!!

  12. Whlie I think that MDN bangs on a bit too much about market share versus installed base, in this case I think installed base is what they should be talking about. They’re talking about how many computers would be affected, not how many new computers sold in the last quarter are affected.

    So for security through obscurity, installed base is important. Add the fact that Mac users are more likely to be hooked up to the internet too. There are a lot of corporate boxes that don’t have any internet connection.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.