Broken Windows Let Light in on Microsoft

At the end of a terrible week for Microsoft, Neil McIntosh wonders whether recent security scares will seriously damage its credibility.

At their giant Seattle campus tonight, Microsoft's executives will probably be happy to close the door on what has been an appalling week.

It didn't start too badly - on Monday the company announced it had inked a deal with Disney to encode the entertainment giant's films for distribution online. Microsoft was essentially being entrusted with the security and the transport for Mickey Mouse and co's first (official) foray into online distribution.

But by Wednesday Microsoft was finding itself having to admit - again - that a major security flaw had been found in the latest versions of its Windows operating system. The bug meant anyone with malicious intent could take control of computers over the internet. Users were told to download a patch from the company to resolve the problem.

And now today, the company has had to issue a statement revealing another security problem. This time, around 14 million lines of source code for a recent version of Windows - essentially, the commercially sensitive DNA for Windows - has leaked out on to the internet. The FBI has been called in, while a curious geek community gets its first glimpse inside a secret garden of programming (peppered, as it happens, with profanities and references to long-forgotten Microsoft projects).

At least this latest problem has no immediate impact for users, although some experts are warning that virus writers will find the code useful as they plot their next attack.

As mishap after mishap strikes Microsoft, you might be forgiven for asking what has happened since the company announced, with some fanfare, its "trustworthy computing" initiative in 2002, which was supposed to patch up the holes that virus writers had so effectively started to expose.

The company says it has spent $100m training its programmers to write more secure code, and it has vetted most of the Windows software for security flaws. Security now has a higher priority; in the next revision of Windows, for instance, the company will finally ship an improved firewall (internet security) program switched on as standard.

But users can point to the continuing flow of problems - from server software problems to a fundamental flaw in the way Microsoft's email software works - as evidence of ongoing frailty in the company's products.

Part of the problem, say critics, is that Microsoft enjoys a monopoly grip on the operating system market. MS has little incentive to patch up software quickly, or to choose security over commercially valuable features, when rivals Apple and Linux are fighting between themselves for the fewer than one in 10 users who don't use Windows. Nor is government action likely - the Bush White House was reluctant to act even after the courts found MS guilty of abusing its monopoly position.

Users of Apple's Mac OS X, or Linux, can smugly point to the fact that their choice of operating system has suffered far fewer security problems. But Microsoft could quite easily point to a few mitigating factors. First, neither rival platform has been free of security scares. Second, had those scares happened on a Microsoft system, they would have been much more widely publicised, because Windows runs on more than 90% of the world's desktop computers. Third, because of its market share, Windows is - in the eyes of any attention-seeking virus writer - really the only OS worth writing for.

This leads to an imbalance of risk. In the non-Windows world, a security problem can be reported publicly, and a fix issued a few weeks later, no harm done. In the Windows world, the problem is sometimes found only as a virus or hack emerges to exploit it, and already Microsoft is running against the clock.

All this doesn't matter for users, who might begin to become warier of Microsoft and its software. Whole industries, such as the mobile phone world and the entertainment business, are already cautious of the company, mainly because of its voracious business practices. But adding security fears to the list can only make things worse for the company as it seeks to reassure customers.

And this may point to the biggest long-term problem for Microsoft. For this was never supposed to be a bad week - that Disney announcement was a huge victory for Microsoft's Windows Media format in what will be a vicious war for dominance in the booming digital media world. But, instead, that announcement, combined with the subsequent security scares, has served only to heighten the Schadenfreude of many commentators. As Observer columnist John Naughton said on his weblog earlier this week: "No wonder satirists are having such a lean time. You couldn't make this stuff up."

If the word gets around that Bill Gates and co can hardly look after their own properties, their ambitions to provide online security for whole industries are going to look hollow.

That makes security a problem that strikes at Microsoft's whole future, and is why this bad week at the office is about a lot more than red faces at Redmond.

© Guardian News & Media 2008
Published: 2/13/2004
 