Oxymoron: Microsoft security

“As if Homeland Security Secretary Michael Chertoff didn’t have enough on his plate. Not only has he had to deal with Katrina and Osama. Now he’s also got to whip Steve Ballmer and the crew at Microsoft into shape. If past is prologue, that last task may be the most daunting of all,” Charles Cooper writes for CNET.

:In a remarkable declaration earlier this week, the Department of Homeland Security–a bureaucracy set up to deal with stuff that generally falls under the category of national emergency–called on all users of Windows software to install a new security patch issued by Microsoft,” Cooper writes. “This wasn’t your garden variety flaw. The fear in Washington was a repeat of something like the chaos caused by the MSBlast worm in 2003.”

Cooper writes, “By now, Chertoff’s people must be thoroughly frustrated that Microsoft still turns out poorly designed products. What with terror plots being uncovered overseas and threats of airline bombings, cybersecurity obviously is not the top headline this week. But the threat of a network meltdown has not disappeared–especially when flaws so regularly turn up in Windows, the computer operating system most people in this country use.”

Cooper writes, “Defenders will argue that it’s unfair to demand perfection from Microsoft; that software is an imperfect art. And besides, they add, is the Mac operating system or Linux bulletproof? Clearly, the answer is no. But the number of security holes turning up in either operating system is a fraction of what turns up in the Windows world.”

Cooper writes, “Here’s something to consider: If bridge builders or airplane designers applied the same standards to their labors, do you believe that the public would so easily forgive the regularity with which bridges would collapse and airliners fall out of the sky?”

Full article here.

[Thanks to MacDailyNews Reader “LinuxGuy and Mac Prodigal Son” for the heads up.]

It’s really sad that so many people have to be wary about opening email, visiting websites, chatting with presumed “buddies,” or downloading music, photos, movies or other files over the Internet. No one should have to zealously guard their computers against spyware, viruses, trojan horses, or various other types of malware. Or run a bewildering assortment of (quickly obsolete) virus-protection apps. And no one should have to run a computer to a nearby computer store, so it can be “cleaned” on a routine basis. Do you know why people put up with that? If their cars didn’t drive where they wanted to go; their TVs didn’t play what they wanted to watch; or their phones didn’t connect to the party they called, how long would they keep using them? Apple provides more info online about Mac security here.

Related MacDailyNews articles:
With exploits in wild, Microsoft Windows braces for yet another critical worm attack – August 11, 2006
Get a Mac: Viruses, spyware cost U.S. consumers $7.8 billion over last two years – August 08, 2006
Microsoft’s oft-delayed, much-pared-down Windows Vista hacked at Black Hat – August 07, 2006
Ballmer analyzes Microsoft’s One Big Mistake, Vista… er, ‘One Big’ Vista Mistake – August 02, 2006
Symantec details more security holes in Microsoft’s Windows Vista – July 26, 2006
Symantec researcher: At this time, there are no file-infecting viruses that can infect Mac OS X – July 13, 2006
Sophos: Apple Mac OS X’s security record unscathed; Windows Vista malware just a matter of time – July 07, 2006
Sophos Security: Dump Windows, Get a Mac – July 05, 2006
What Microsoft has chopped from Windows Vista, and when – June 27, 2006
Apple: ‘Get a Mac. Say ‘Buh-Bye’ to viruses’ – June 01, 2006
Windows virus threatens 170-year-old Toledo newspaper’s perfect record, Apple Macs save the day – January 27, 2006
Security company Sophos: Apple Mac the best route for security for the masses – December 06, 2005
Hackers already targeting viruses for Microsoft’s Windows Vista – August 04, 2005
16-percent of computer users are unaffected by viruses, malware because they use Apple Macs – June 15, 2005

US Department of Homeland Security: patch Microsoft Windows now or risk complete system compromise – August 10, 2006
CCIA wants U.S. Dept. of Homeland Security to reconsider buying ‘insecure Microsoft software’ – August 29, 2003
U.S. Department of Homeland Security says Windows vulnerable to attack – August 01, 2003
Department of Homeland Security chose Microsoft due to time and money limitations – July 21, 2003
U.S. Department of Homeland Security awards enterprise agreement to Microsoft – July 15, 2003

42 Comments

  1. The bridge and airplane analogy is similar to the car analogy that I have used for years. The next time someone is bitching about how their Dull is running slow and they want to buy another one. Ask them if they bought a car from Ford and it ended up in the shop every week for repairs, would they buy another Ford? Light bulbs start turning on.

  2. I WHOLEHEARTEDLY SECOND THE COMMENT FROM ANDY

    I WHOLEHEARTEDLY THIRD THE COMMENT FROM ANDY

    I WHOLEHEARTEDLY FOURTH THE COMMENT FROM ANDY

    I’d like to include that it is extremely worrisome that Banking and other Financial institutions would still continue to base their online operations on a platform coded by Microsoft.

  3. theloniousMac, security holes don’t come close to equaling exploits, and shouldn’t get the same amount of publicity.

    First, a hole can let you past one level of security, but not the next, so it may not be possible to do anything meaningful with the hole. Second, exploiting a hole may require one or more non-standard setups in order to be useful to a hacker, as we’ve seen with the unsuccessful trojan released last spring that required a specific Bluetooth setup in order to propagate. And finally, a hole may require sophisticated techniques, extensive knowledge of the OS, and a great deal of work to be exploited.

    All of these help to explain why OS X has had holes discovered, but no successful exploits. The fact that Windows has had so many successful exploits suggests that: 1) Once you get past Window’s front line security, you’re in control. 2) Many Windows holes do not require non-standard setups. 3) Many Windows holes are relatively easy to exploit.

  4. I think we should start writing and calling our financial institutions, governments, etc, and start asking why #1 they are gambling with OUR security/money/livelihood by using Windows, and #2 request (not demand like the obnoxious Mac Users we’re so branded for being) that they CEASE and DESIST immediately considering what issues even NON-Mac users will admit to having and dealing with on the M$ side.

    I’ve already dropped one bank for having horrible online GUI’s that don’t jive with Safari (or Firefox !!) well and for having their ‘brand new HP’s’ seize up during simple queries!

    Does anyone else not see the way to Apocalypse (the death of our online-existing global persona) by way of the Gates and Ballmer squad?

    MDN-W – ‘meaning’ as in appreciate the ‘meaning’ of our existence and choose a better platform!

  5. Just wanted to add this –

    ‘livelihood’ is defined as “The means of SECURING the neccessities of life” – something I think everyone using a beige box should consider. Kind of fits considering how many of us make rent staring at a screen all day.

  6. It’s about time more people recognize that:

    1. Windows is completely unsuitable for any kind of networking.

    2. Windows is completely unsuitable for any “mission critical” service.

    Scary indeed to consider how much of our economy and government is based on such a fragile, unsecure platform. Cray to think it makes pen-and-paper look good in comparison.

    Here’s to the day businesses & institutions demand real IT security from each other, they same way they demanded Y2K preparedness.

  7. I’ve already dropped one bank for having horrible online GUI’s that don’t jive with Safari (or Firefox !!) well and for having their ‘brand new HP’s’ seize up during simple queries!

    My experience is online banking stinks.

    Poor security, lousy UI’s, snail-slow performance (when there aren’t server errors). It’s more effective to bank in person or over the phone.

    Heh maybe Apple should get into banking. We need something that “just works”. ” width=”19″ height=”19″ alt=”smile” style=”border:0;” />

  8. To top it off: check out the Security Now! podcast concerning the new Vista networking stack; all new, completely rewritten—including all the old bugs that have been fixed since Win95. Scary for Windows users!

  9. Bankers Hours….

    You might wanna give Washington Mutual a try.

    I’ve been banking online with them for years now, using safari… no problems other than they use Sunday night to do their web page updates, and that’s when I used to want to pay my bills.

    I don’t even use paper checks anymore, or cash. Just the online bill pay and the atm card.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.