Security, It's not just Microsoft's Burden

Michael Gartenberg | August 13, 2003, 09:02 AM

As the latest internet worm makes the rounds, there’s a lot of folks pointing at Microsoft and wondering if the folks from Redmond will ever get security issues resolved for Windows. While Microsoft is arguably an easy target for criticism on security issues, the truth is that Microsoft is doing a pretty good job shouldering responsibility for issues related to their software. The problem for them is that the world is an ever changing place and some of the issues are beyond their control.

Security issues are not new with software. From the earliest systems on mainframes and minis, there were always security updates from manufacturers and always issues to be resolved. It’s just that most users never knew about them or were affected by them. In today’s world of mobility and interconnectivity, everyone is affected by security issues and therefore security issues make news. Even consumers with broadband access and home networks have had to assume responsibilities and learn buzzwords that were formerly the domain of only elite IT pros. Although Microsoft has lots if information on security and has had a good track record of releasing patches and updates to known problems, many IT departments and consumers simply ignore them. In many cases, systems are so diverse that IT simply does not know what machines are running what OS. This diversity means that many systems and servers are exposed and the distributed nature of Windows means that an un-managed environment is going to cost money in the long run in terms of security breaches and attacks.

Likewise other OSs have vulnerabilities that rival those in Windows but Microsoft, having the lions share of the desktop space is by definition also the most vulnerable to attack and most vulnerable to criticism.

If security issues are going to be resolved it’s going to take more than finger pointing at the folks in Redmond. IT managers need to take accountability for their systems, software vendors for the correct installation and maintenance of their programs and consumers for their households. This is the price of the enablement provided by a digital lifestyle. Microsoft also need to keep up its efforts and also work to educate both business and consumer customers about proper security practices and further refine the deployment simplicity so that patches and policies actually get implemented. Security is everyone’s responsibility and placing the burden on MSFT alone is unwarranted and unfair.