Slashdot Mirror
Security Affecting Microsoft's Bottom Line
kidlinux writes "The Globe and Mail has an article discussing the impact of viruses and security flaws in Windows. Apparently Microsoft has bounties out on virus writers. 'The campaign reveals just how much of a threat to Microsoft's bottom line security flaws now represent.' The effects of various worms and security issues are becoming visible in financial terms - having to deal with the security issues keeps Microsoft from closing new deals, and governments and businesses are starting to look at the alternatives, such as Linux. 'For the first time, it seemed, flaws in Microsoft's software were translating into flaws in the company's business model.'"
Time to protect the monopoly. Once in that phase, funds are diverted away from R&D and into protectionism -- the great money pit.
Is it really easier or more cost-effective to change the world (pay bounties for crackers, lobby for prtctionist laws) than to change your business practices (write more secure software)?
This had better be a temporary endeavor conducted in parallel with major shifts toward better busines practices, or MS is starting the downward spiral.
Security failures are beginning to hit Microsoft hard not because of the enterprise, but because of home/personal installations.
Whereas a competent MCSE or IT director will have properly secured a corporation's machines against remote exploits (a properly designed network, even if none of the machines had been patched, should've been able to stay free of worms like Blaster and Welchia, for example), home users have been thrust into the unfortunate situation of running an enterprise OS (anything from the NT family), with no experience on securing it, and often, no knowledge that it needs to be secured at all.
Windows NT-based operating systems listen on so many ports, and are designed so wide open, because they are meant to sit inside a secured corporate network. Though Microsoft's unification of the NT and personal trees of Windows starting with XP gave personal users much of the speed and stability they had been lacking for so long, it also gave them security issues they should not have been expected to deal with.
This is why, though NT-based OSes have had widely publicized security flaws for years, their flaws are now in the spotlight.
Microsoft's recent steps to finally globally disable the Windows Messenger service and enable the firewall by default are a late, but necessary, effort to help bridge this divide.
If Microsoft were really serious, they would pay the bounties to people who find their flaws.
Why don't they just go ahead and have a clean, reimplementation of Windows started while they work on Longhorn?
2 reasons. First, support for legacy apps has to be included in any new OS Microsoft developes. Second, imagine how long that would take to complete. It took what, 5 or 6 years, for the NT kernel to be able to reliably run 95/98/ME apps. Imagine the press release, "Longhorn to arrive in 2009".
Starting over would render close to a decade of work worthless. That kind of suggestion is hard to justify.
----
Squirrel
Funny, my corporate deployed laptop, following standard practice, set ME up as admin. I understand this is standard practice for WinNT-family (mine is Win2k) deployments, in general.
With that ONE practice, the single greatest/easiest chunk of security - separation of user from admin, is gone.
From what I understand, quite a bit of Windows software actually depends on this practice, and can't run without admin priviledges. So regardless of who takes the blame, Microsoft or the Windows Culture that has grown up around their products, there's an architectural-level problem, here.
The living have better things to do than to continue hating the dead.