Be on the wave or under it
The News Ė 03/08/02
Anti-Microsoft Hyperbole on Security
Alert SNS Reader Jacob Jaffe was
offended by the article I linked to in the last SNS that said
that Microsoft was a greater threat to security than Osama bin
Laden. Speaking for himself and not his employer, he pointed
out that Microsoft has done an awful lot lately to improve its
position on software security. Jacob writes:
As you know, the article
to which you linked was authored December 14, 2001.† Since then,
Microsoft has initiated a number of efforts to improve the security
of its products, including:
Yes, with a historical
focus on usability and functionality, Microsoft's track record
on security has been less than desirable.† And, it's true that
actions -- and not words -- will prove the company's commitment
to security, which MUST succeed for .NET to become a reality.†
My only point is that readers should be informed that Microsoft
has recently taken steps in an effort to address these past
ďmistakesĒ (again, my own words).
On a separate but
related note, by suggesting that Microsoft is a worse threat
than Osama Bin Laden, I can't help but to feel that Mr. Ruffin
has trivialized the value of each and every innocent person
who, on that fateful day (and as a result of the many terrorist
attacks prior to 9/11), perished at the hands of Al Queda.†
Sure, I could say more, like:
how many people have died
as a result of security flaws in Microsoft software?
how many more billions of
dollars did/has/will the events of 9/11 cost compared to the
costs of all Microsoft security flaws combined?
...but, I think you
get my point.
I do get Jacobís point, and couldnít
agree more. Microsoft has made great strides in the last six
months in addressing its security problems. And it is irresponsible
for anyone to compare a murderous madman to Microsoft. The author
of the Register article (which I hesitate to link
to again lest others be offended) appears to be a member
of the lunatic anti-Microsoft fringe, which I usually find pretty
I do not consider myself to be
part of that fringe, which sees Microsoft as the Great Satan,
although I have a lot of problems with Microsoft and at the
moment am not a big fan of the monopoly. Iíve made a lot of
money over the years leveraging their technology, and I am truly
grateful for many of their innovations. My main problems with
the company are its bullying abuse of monopoly power and its,
up until now, lack of concern with security.
Nonetheless, the author of the
Register article, the improbably named Oxblood Ruffin, makes
valid points about Microsoftís treatment of vulnerabilities,
despite his unfair and over the top characterization of the
company. Ruffin is a member of the CULT
OF THE DEAD COW, a developer of Internet privacy and security
The jury is out as to whether Microsoft
will be successful in improving its security. After all, there
are many, many millions of lines of code in Microsoftís products.
Itís not going to be easy, nor desirable, to graft security
onto the existing code base. Microsoft needs a complete reorientation
of their development philosophy, in my opinion.
The company has given the world
some terrific innovations and capabilities by stressing usability
and interoperability. Visual Basic for Microsoft Office is a
great example of this. By enabling all the components of Office
to communicate with one another and be part of integrated custom
applications, Microsoft has enhanced the user experience. By
doing this with little regard for or awareness of the security
ramifications, Microsoft has produced a fertile breeding ground
for viruses and worms.
Back in the day, when these innovations
were conceived, the world was a simpler place. Networking was
in its infancy and most viruses rode into a PC on a floppy disk.
The connected world weíre now living in was only dimly envisioned,
and the degree of threat we face today from online malware (malicious
code) was not anticipated. The mistake Microsoft made was not
realizing the stakes had changed once computers became organized
into private networks and then exposed to the public Internet.
Bill Gates has admitted he missed
the significance of the Internet. Iím not sure heís admitted
he missed the importance of security, but his mandate to stop
feature development and concentrate on security is unprecedented,
courageous, and encouraging. Letís hope itís also effective.
- Shameless Self-Promotion Dept.: CyberCrime
Fighter Forum 2002 happens March 12th in St. Paul, MN.
If you're in the area, I hope to see you there.
Also, in conjunction with the new CTOMentor paper, Basic
Home Networking Security, we're running a survey on home
networking policies and procedures. The first survey cycle
closed yesterday, but you can get in on the second,
which will run through March 11.
CTOMentor is also offering a two-part white paper on peer-to-peer
technology: Peer-to-Peer Computing and Business Networks:
More Than Meets the Ear. Part 1, What is P2P?,
is available for free on the CTOMentor Web
site. Part 2, How Are Businesses Using P2P?, is
available for $50.
Sony in P2P Deal:
SNS Reader Graeme Thickins sent a long an article that reports
that Peer-to-Peer software vendor CenterSpan has inked a
deal with Sony Entertainment to distribute Sonyís music
on its service. CenterSpan previously bought pioneering
P2P file sharing company Scour and in April 2001 launched
a free trial of C-Star CDN. The new service allows people
to trade encrypted files authorized for copying by copyright
holders. This is a big boost for P2P networks, although
it remains to be seen if it will be successful.†
Verizon Launches First US 3G Network
Verizon Wireless has released its new 3G wireless network
in three areas: a corridor that runs from Norfolk, Virginia
to Portland, Maine; the Salt Lake City area; and the San Francisco/Silicon
Valley area. The new Express Network promises high speed Internet
access up to 144 kilobits per second (kbps).
Return to Mikeís
Copyright © 2000-2008, StratVantage Consulting, LLC. All rights
Please send all comments to
Looking to light up your office, your business, or your city?
The WiMAX Guys™ can help you easily provide secure wireless Internet to your customers.
The WiMAX Guys specialize in designing and running wireless networks. We're experienced, we're quick, and we won't cost you an arm and a leg. Give us a call today provide your users a wireless Internet experience tomorrow.
Alert SNS Reader Hall of Fame
About The Author
a New Service from StratVantage
Canít Get Enough of ME?
In the unlikely event
that you want more of my opinions, Iíve started a Weblog. Itís the fashionable
thing for pundits to do, and Iím doing it too. A Weblog is a datestamped
collection of somewhat random thoughts and ideas assembled on a Web
page. If youíd like to subject the world to your thoughts, as I do,
you can create your own Weblog. You need to have a Web site that allows
you FTP access, and the free software from www.blogger.com.
This allows you to right click on a Web page and append your pithy thoughts
to your Weblog.
Iíve dubbed my Weblog
entries ďStratletsĒ, and they are available at www.stratvantage.com/stratlets/.
Let me know what you think.
Also check out the TrendSpot for ranking of
the latest emerging trends.
14, 1928 - July 5, 2003
Jane C. Ellsworth
20, 1928 - July 20, 2003