Just a Thought - David Pogue Points Out The Windows Paradox
by - October 22nd, 2004
In David Pogue's latest column for the New York Times, titled The Security Paradox, he discusses the odd state of affairs Microsoft and its patch update strategy, and the virus ad worm writers who take advantage of the holes in the Microsoft products the patches are suppose to fix.
Mr. Pogue relays a story in which he was surprised to find out that virus writers usually write and release their malware into the wild only after Microsoft releases a patch for it. Because, as a Microsoft manager explained to him, it isn't the script kiddies and actual virus writers who are finding these flaws in the first place. From the article
Instead, what usually happens is that some brainiac at a university or security firm usually finds the hole, and then notifies Microsoft. Microsoft then puts together a security patch, which it releases to its millions of customers to protect them.
Only then do the hackers and virus writers learn about the security hole and how it works by studying Microsoft's patch. The problem is that it takes weeks or months for Microsoft's patch to get distributed to all those millions of customers. (Three weeks after Microsoft releases a patch, only half of all PC users have installed it, according to an expert interviewed by PC World.) The hackers simply beat Microsoft's fix to your PC's front door.
Therein lies the paradox of which Mr. Pogue speaks. You can read the full article at the New York Times.
So, this is yet another validation of the dictum: If you build it, they will come. In this case, Big Redmond builds the patch and then come the viruses and worms.
As Mr. Pogue points out in his piece, it certainly is a noggin scratcher as to why it is that all of the brain power at the command of Bill Gates has yet to figure a way to make its products more secure.
At the same time, don't let anybody tell that it is more secure by virtue of those endless patches; it seems that the more the folks at Microsoft patch, the more they need to patch. In fact, they have patches for their patches.
We can't believe that no one at Microsoft has the answer to its software security problem. It could be that the guys with the ideas to fix the problems are being overridden by those with other agendas, as is often the case in many large companies. Or perhaps the management at Big Redmond is pinning its hopes on Longhorn, much as it did with XP. In the meantime, Windows users, and the rest of the computer using community suffer.
The really sad thing is that, while there are some individuals, governments, and companies who have decided to explore possibilities beyond Microsoft, the unfortunate truth is that far too many steadfastly refuse to even entertain the notion of jumping the Redmond ship. That means that, at least for the foreseeable future, malware writers will have fertile ground to play in.
is a writer who currently lives in Orlando, FL. He's been a Mac fan since Atari Computers folded, but has worked with computers of nearly every type for 20 years.
Most Recent Columns From Just A Thought
- Apple's New Cards: Aces and Kings? - September 14th
- Power to the People - September 1st
- Too Soon To Zune - August 28th
The Just A Thought Archives
- Thu,8:36 PM
- How to Print Envelopes from Contacts on Your Mac
- 7:04 PM
- The Ultra-Premium Mac Bundle Extended for One Week at $44.99
- 5:59 PM
- Apple Will Pull Aperture this Spring, But It Will Continue to Work
- 3:40 PM
- Apple’s OS X Gatekeeper Leaves Hole Open for Malware and Adware - Here’s How to Protect Your Mac
- 3:30 PM
- China Forcing Apple to Choose: Customer Privacy or Revenue
- 1:46 PM
- TMO Daily Observations 2015-03-05: iPad Pro Design Rumors, HBO Now for Apple TV
- 11:37 AM
- Analyst: Apple Watch a $26B Business by 2018
- 10:28 AM
- Reports Claim 12-inch iPad to Copy Microsoft Surface Tablet, Shipping in September
- 9:07 AM
- Apple, HBO Look to Bring HBO Now Streaming Service to Apple TV
- Wed,8:50 PM
- Decades-Old Legacy Encryption Found in iOS, OS X, Android - Apple Says Fix Is Coming
- 7:30 PM
- ACM 296: Apple’s Spending Restraint, Disconnected Analysts, and Google’s Cell Service
- 7:23 PM
- Pay What You Want: Front-End Developer Bundle