Microsoft Monitor Weblog A Jupiter Research Business Weblog
 
Jupiter's Microsoft Monitor Research Service helps vendors prepare for market opportunities created by new Microsoft initiatives. In addition, Microsoft Monitor helps business and enterprise users discover which strategies are most successful in dealing with Microsoft and how to best exploit the customer relationship. The Microsoft Monitor Weblog is a companion to Jupiter's Microsoft Monitor Research Service and provides additional news, analysis and insight relevant to the areas most important for Microsoft's growth in both the business and consumer marketplaces. The content on this Weblog is often based on late-breaking events whose sources are deemed to be reliable. The insight and recommendations represent Jupiter's initial analysis. As a result, our positions are subject to refinements or major changes as Jupiter analysts gather more information and perform further analysis. Feedback is welcome at mm@jupitermedia.com.

August 21, 2003
The Microsoft That Cried Wolf

Microsoft faces a serious strategic quandary in the wake of last week's Blaster attack, Monday's Blaster fix-it worm and the Tuesday-Wednesday-Thursday SoBig e-mail virus. It's unfair to place the entire blame for these virus outbreaks on Microsoft. Internet worms or e-mail viruses are not dependent on Microsoft software to spread--or they weren't in these three examples.

On the other hand, patch management is too much of a hassle, particularly when Microsoft reissues patches or does not provide adequate patches, as was seen with Blaster and at least one of the three security flaws warned of yesterday. It's bad enough that network administrators must battle a torrent of patches, let alone have to reinstall a "revised" patch because the original issue didn't adequately protect against the flaw.

A bigger problem is the sheer number of patches consumers or businesses must contend with. Since May 21, when I set up the computer I am using right now (Compaq Presario 8000 with 3GHz Pentium 4 processor, 120GB hard drive and 1GB of SDRAM), Windows Update has pulled down and installed 29 security fixes or critical updates; two more security updates still need to be applied. Grand total: 43 updates installed over three months. I spoke with a buddy this morning who works at a Macintosh news site. Coincidentally, he was updating his Windows test machine. Seventeen critical updates, he said.

"I’m afraid to start up the e-mail," he quipped. "What do Windows users do? I mean, aren’t they afraid?"

Apparently not, because Microsoft seems to have a hard time convincing businesses or consumers to update Windows. As I blogged previously, Blaster is a good example. About a week after Microsoft’s July 16 warning, the U.S. Dept. of Homeland Security issued a separate warning about the Windows security hole eventually exploited by Blaster.

Maybe the sheer number of patches contributes to this indifference. Like the boy who cried "wolf!", maybe Microsoft warns of so many potential security problems that people don’t take them seriously. Then a Blaster comes along and issues a temporary wake-up call, but eventually Windows users return to their indifferent slumber. Certainly, Microsoft can’t be blamed for people refusing to install security patches; that is their responsibility, not Microsoft’s.

That said, I would strongly recommend that Microsoft take another long, cold look at its security strategy. The week’s worth of virus attacks has raised security awareness and concern. As Windows is so widely used, in some ways, the onus is on Microsoft to fix the problem. I know that the company has talked about turning on Windows XP’s firewall by default. But responses like that, while worthwhile, deal more with symptoms than causes.

Microsoft may want to take another look at how it architects software, and particularly at the cross-integration strategy the company calls "integrated innovation." The architectural approach may make sense from a customer convenience perspective, but maybe not from the making-software-more-secure viewpoint. Last I heard, Chairman Bill Gates issued a mandate that Microsoft must put security ahead of features--and so, I’m assuming, customer convenience through increased integration of different types of software products.

Posted by Joe Wilcox at August 21, 2003 01:31 PM