Microsoft Will Never Plug All Its Security Holes Says Gartner Analyst
12:45 PM EDT, August 16th, 2000
Farmers have long known that monoculture crops are far more vulnerable to disease than mixed crops. Now the information technology world is belatedly discovering that an analogous weakness exists in the vast software monoculture we call Microsoft products.
As Neil MacDonald, a Gartner analyst, points out in an article for CNET News, not only are there many security vulnerabilities in Microsoft's products, there is no way for Microsoft to provide a fix for all of them. Worse, Microsoft's business model provides little incentive for the software behemoth to waste resources in a futile attempt to find and plug all the security leaks.
According to MacDonald:
The constant inclusion of new features in Microsoft's software, and the bundling of new technologies into Microsoft's OS and application products, have created large, monolithic applications that are impossible to debug for all security vulnerabilities. For example, by various estimates, Windows 2000 contains 30 million to 40 million lines of code, and the development team involved thousands of people.
New technologies that Microsoft is working on for its Microsoft.net initiative are only going to increase the number of security vulnerabilities in the future. For instance, MacDonald says,
Microsoft's ActiveX programming model provides no mechanism for "sandboxing" code. Its digital signature mechanism provides insufficient protection for the use of ActiveX controls on the Internet.
But perhaps the most alarming evidence presented by MacDonald is of Microsoft's apparent lack of concern:
Microsoft's development process has not fundamentally changed with respect to security. Microsoft still does not make security training mandatory for its developers. Microsoft has found that being reactive to security works well; it quickly fixes newly identified bugs. This approach is easier than preventing the vulnerabilities from occurring in the first place.
Security is important to Microsoft but only to the extent that it does not inhibit the adoption of its products.
Read the entire analysis from the Gartner Group for more information. It is a very good read.
The Mac Observer Spin:
This is a very significant event if you look at it outside the confines of Mac/PC partisan bickering. Most of the IT world and Wall Street pay little attention to the issues described in Mr. MacDonald's report, and the fact that Microsoft's Windows offerings are inherently insecure seldom makes a headline of any kind. For the Gartner Group to publicly slam the company in this manner hopefully marks the beginning of a major shift in the world's outlook on Windows. Only time will tell, of course.
Linux and MacOS alternatives to Windows are increasingly coming into favor in some circles, and it is interesting that this CNET article appears to have been timed for the LinuxWorld Expo taking place in San Jose, CA this week. More and more major corporations are testing Linux in search of a safer, more reliable and less expensive software solution than Microsoft can offer. In fact, the Linux deals announced this week are too numerous to mention here.
