A Note On Microsoft Security

Jun 2, 2002, 21:00

Richard Lowe

I've been reading a lot of postings to various message boards,
newsgroups and talkback boards on how evil Microsoft (often
spelled as Micro$oft or more simply M$) is. The foam-at-the-mouth
rantings after the publication of anything even remotely
related to that company are nauseatingly predictable.

The argument goes something like this: Microsoft is equated with
everything evil and foul in the world. Lucifer himself is kind
and gentle compared with Bill Gates, and every product ever
produced by his company has at least one hidden evil intention.
All of Bill's products are purposely created to produce the
greatest amount of harm for the most people. Bill and his
entourage are planning to take over the world and destroy
everything and everyone, especially any competing companies.

These postings are actually very amusing. They are often so
childish, so silly that it's incredible to believe that these
people are serious. Sometimes I wonder if rational minds exist
behind many of these messages.

For example, an article about the Klez virus (which did not
even mention Microsoft by name) produced some fascinating
replies. One reader wrote:

"Only Windows users would put up with such a scam. Windows
security is like building a house with no doors and being
forced to hire a security guard to walk around your home
while you're living there."

It's fascinating how people can write such uninformed drivel.
Another reader had similar opinions.

"Most thanks for the viruses go to M$ and their sorry excuse
for an e-mail system Exchange coupled with their new, dynamic
protocol called VTP (Virus Transport protocol). Kudos to Bill
for designing such an elegant virus propagation environment.
Who needs enemies when you have M$?"

More silliness from an ignorant person who probably has allowed
viruses to slip through his defenses.

Let's look at an analogy. Let's say you purchase a car. The
car does not come with an alarm system, and the locks are of
standard issue. You decline to purchase an alarm system and
more advanced locks.

Now a car thief breaks into your car and steals it. Who is to
blame? The car manufacturer for creating a car with simple locks
and no standard alarm system? The thief for stealing your car?
The city for allowing thieves? The police department for not
guarding your automobile 24x7? Perhaps your child distracted
you before you locked the door - is the child responsible?

Or are you responsible because you didn't educate yourself on
how to protect your valuable car? Are you responsible for not
purchasing better locks and perhaps an alarm system? Is it your
fault that you parked your car in a bad place in town?

Let's look at another analogy. Suppose you bought a car. Now,
as anyone who has owned a car for any length of time knows, you
have to change the oil occasionally. You can forget all other
maintenance, but you had better change the oil.

I knew someone who had bought his first car. He didn't change
the oil, even after several people (including myself) suggested
that it would be a good idea. One day his car stopped working.
He was very angry, claimed no one had told him anything, the
dealer was evil, he would never buy that brand of car again, and
other nonsense.

What's the point? Microsoft has indeed been lax in designing
security into its products. There is no question about that.
However, the fault is not totally with that company, and poorly
designed security does not make Bill Gates or others in his
company evil.

There are many other companies with horribly insecure products.
Security is something that must be given a priority in product
development or it is often simply overlooked and under-designed,
and testing is generally not adequate. One simple fact: security
is generally not a money maker for these kinds of products.

Actually, until September 11th stressed the importance, it was
very common for IT managers to completely skip security in their
network and infrastructure planning. Even now security is not
high on many agendas.

Oh yes, most of my colleagues do think about security and are
trying to do something, but it's tough to get managers and
others to actually put their money where their mouth is.

Okay, back to the point - security is a shared responsibility.
We all have to practice security. Users must install antivirus
software and keep the definitions up-to-date. Firewalls must be
added and used properly. The operating systems must be updated
occasionally, and security bulletins must be reviewed once in a
while.

It's the same as owning a car: you are expected to read
the owner's manual and bring it to the mechanic occasionally. If
you've got a house, you had better be spending some time making
some improvements. And if you've got a computer you should
learn about it. Otherwise, it just might bite you back - just
like a car, a house or anything else in your life.

To see a list of articles available for reprint, you can send an
email to:
mailto:article-list@internet-tips.net?subject=send_article_list
or visit
http://internet-tips.net/requestarticles.htm
