Just a Thought - David Pogue Points Out The Windows Paradox
by - October 22nd, 2004
In David Pogue's latest column for the New York Times, titled The Security Paradox, he discusses the odd state of affairs surrounding Microsoft's patch update strategy and the virus and worm writers who take advantage of the holes in the Microsoft products the patches are supposed to fix.
Mr. Pogue relays a story in which he was surprised to find out that virus writers usually write and release their malware into the wild only after Microsoft releases a patch for the hole it exploits. The reason, as a Microsoft manager explained to him, is that it isn't the script kiddies and actual virus writers who are finding these flaws in the first place. From the article:
Instead, what usually happens is that some brainiac at a university or security firm usually finds the hole, and then notifies Microsoft. Microsoft then puts together a security patch, which it releases to its millions of customers to protect them.
Only then do the hackers and virus writers learn about the security hole and how it works by studying Microsoft's patch. The problem is that it takes weeks or months for Microsoft's patch to get distributed to all those millions of customers. (Three weeks after Microsoft releases a patch, only half of all PC users have installed it, according to an expert interviewed by PC World.) The hackers simply beat Microsoft's fix to your PC's front door.
Therein lies the paradox of which Mr. Pogue speaks. You can read the full article at the New York Times.
So, this is yet another validation of the dictum: If you build it, they will come. In this case, Big Redmond builds the patch and then come the viruses and worms.
As Mr. Pogue points out in his piece, it certainly is a noggin scratcher as to why it is that all of the brain power at the command of Bill Gates has yet to figure a way to make its products more secure.
At the same time, don't let anybody tell you that it is more secure by virtue of those endless patches; it seems that the more the folks at Microsoft patch, the more they need to patch. In fact, they have patches for their patches.
We can't believe that no one at Microsoft has the answer to its software security problem. It could be that the guys with the ideas to fix the problems are being overridden by those with other agendas, as is often the case in many large companies. Or perhaps the management at Big Redmond is pinning its hopes on Longhorn, much as it did with XP. In the meantime, Windows users, and the rest of the computer-using community, suffer.
The really sad thing is that, while there are some individuals, governments, and companies who have decided to explore possibilities beyond Microsoft, the unfortunate truth is that far too many steadfastly refuse to even entertain the notion of jumping the Redmond ship. That means that, at least for the foreseeable future, malware writers will have fertile ground to play in.
is a writer who currently lives in Orlando, FL. He's been a Mac fan since Atari Computers folded, but has worked with computers of nearly every type for 20 years.
You can send your comments directly to me, or you can also post your comments below.
Observer Comments
Sat Oct 23, 2004 12:58 am Subject: I loved the punch line … ;)))
Sat Oct 23, 2004 1:48 am Subject: MS made their choices
They decided to spend money and programmers' time on everything from Bob to an iTunes wannabe. Their choice and the current security situation is a result of that.
I still find it hard to believe that MS has invested resources for a copy of The Music store while leaving IE without future support AND are having to strip features from an OS that is not even due for a year or two, or three. Their priorities are rather screwed up in my book.
The one thing that MS could do with security updates is post weekly updates, provide no information on what security holes they plug and throw in enough fluff (like a little improvement on IE) to make it very difficult to see where the security plugs are. Even fluff that does nothing except hide the important code.
That's the strangest definition of a paradox I've ever seen: something which is entirely logical. The number of people with the expertise to find these holes is small, and most of them are probably the ones telling Microsoft about the holes. So, the simplest way for the others to find the hole is to wait for the patch, and see what it changes. No paradox. If someone gets hit through a patched hole, then it is their fault, and not Microsoft's.
Quote: They decided to spend money and programmers' time on everything from Bob to an iTunes wannabe. Their choice and the current security situation is a result of that
And look how unsuccessful Microsoft has been as a result. As was pointed out a few weeks ago, Microsoft didn't really care about security because their customers didn't. And for comparison, remember the howls of outrage when OSX required people to log in to their own machines (not that, strictly speaking, it did)?
Quote: Guest wrote:
paradox
\Par`a*dox\, n.; pl. Paradoxes. [F. paradoxe, L. paradoxum, fr. Gr. ?; ? beside, beyond, contrary to + ? to think, suppose, imagine. See Para-, and Dogma.] A tenet or proposition contrary to received opinion; an assertion or sentiment seemingly contradictory, or opposed to common sense; that which in appearance or terms is absurd, but yet may be true in fact.
So... The idea that patches precede the virus both goes against common sense/received opinion and it seems absurd but is true. How does this not fit the definition?
-zip
\Par`a*dox\, n.; pl. Paradoxes. [F. paradoxe, L. paradoxum, fr. Gr. ?; ? (Derived from the S. American Indian word 'Pirra', which means, 'To eat fat.' 'dox' comes from the Sp. 'dos', which is 2.) Paradox means to eat fat twice, double dose. Make a pig of one's self. Chow down. heaping helpings.
So, I guess he's right, the definition is pretty strange.
I was using the conventional definition (OED):
Quote: A statement or proposition which, from an acceptable premise and despite sound reasoning, leads to a conclusion that is against sense, logically unacceptable, or self-contradictory; freq. distinguished by name, esp. of its propounder or of the type of problem it raises
So called 'received opinion' is hardly relevant: it is wrong.
Technically, I see validity on both sides. However, you can't point to the common usage of a word and declare all other usages wrong. Well, I guess you can, but it is inappropriate to do so.
It also seems to me that the definition you used works on a subjective level, as Guest suggests. The key is contradiction, not whatever is being contradicted.
Mon Oct 25, 2004 12:54 pm Subject: Question: Do M$ Vulnerabilities=undocumented APIs?
Just wondering -
Does anyone know if many - or any - of the Windows vulnerabilities are also (or the result of) "undocumented APIs"?
At least in the past M$ has been accused of using "features" of the OS for their own products that were not published for others to use.
Is there any connection with the enormous vulnerability of Windows - perhaps historically - or is this idea way off base?
Quote: UserNameUser wrote:
Just wondering -
Does anyone know if many - or any - of the Windows vulnerabilities are also (or the result of) "undocumented APIs"?
At least in the past M$ has been accused of using "features" of the OS for their own products that were not published for others to use.
Is there any connection with the enormous vulnerability of Windows - perhaps historically - or is this idea way off base?
Umm, are you sure you're in the right place? The subject at hand is the iPod and its silly remote.
vern
Mon Oct 25, 2004 4:01 pm Subject: Where are we?


