Just A Thought - Is Microsoft Really To Blame For The Sad State Of Security On The Internet?

by , 9:00 AM EDT, June 26th, 2002

There's a lot of information and misinformation going around about how secure or unsecure the Internet is, and who's to blame for many of the well publicized security breaches. I was reading Richard Frono's comments in his "MS to micro-manage your computer" article in The Register, and I also read NEWSWEEK's Steven Levy's report on Microsoft's Palladium effort.

Mr. Forno is taking issue with Mr. Levy's assessment, or lack of skepticism over Microsoft's Palladium plan. Mr. Forno blames the Redmond Giant for the security fix the Internet is in and sees nothing but trouble if Palladium catches on. He says:

Isn't it ironic that the company responsible for nearly every major computer security problem, virus, and backdoor [sic] -- thanks to its poor software development and testing among other factors -- is now heralding its ability to make everything right in a stroke? One might sense this is a manufactured problem resulting from Microsoft's inability to develop effective software in the first place. As is commonly known, the single most significant factor contributing to the dismal state of today's internet security is Microsoft's complacency, rather than hackers, crackers, and pirates. As I mentioned in an earlier article, we're vulnerable because Microsoft makes it so damn easy for the bad guys to cause mischief. (It's also a result of lazy or incompetent system administrators, poor network design, and clueless executives and Congressfolk, but that's another essay.)

I agree with him for the most part. As much as I'd like to, however, I can't heap all the blame for the sad state of security on the Internet on Microsoft. Whether we like to hear it or not, some of that blame belongs to us, the people who buy Microsoft products.

I believe that people, in general, hate change. They hate change so much that they are willing to put up with all kinds of crap just to keep from changing from what they think they know. Think I'm wrong? Take this little test:

• Think about something you like to do or eat: for instance, let's say that when you drive home, you always take a certain route. The only time you consciously change your route is when something prevents you from taking it.
• Now, ask yourself why you take that route. You'll come up with some good reasons: shortest route, goes by places you like to see, maybe there's no good reason at all.
• Finally, ask yourself why you don't take another route. Just because another way is longer doesn't mean it's not worth taking once in a while. How do you feel about changing routes initially?

What I think you'll discover is that you, just like the rest of us, are resistant to change. Marketing people know this, they depend on it, and so does Microsoft. We buy certain products and do certain things, not necessarily because the products are the best or the things we do are the easiest, but rather because we get use to them. We've used the product, or done the deed, before, and we think we know it. Why bother learning something new, we reason, even if by doing so we help ourselves and others?

The problem we now face with Internet security is not just Microsoft's fault; we continued to buy their stuff even though they have demonstrated that they either cannot or will not make a secure product. We make them the big target for hackers, we allow them to use us to test for security holes. To be sure, there is no such thing as a completely secure Internet products, but UNIX has been around for a heck of a lot longer than any Microsoft product and you'd be hard pressed to find the number of viruses and hacks on any UNIX system compared to Microsoft systems.

Of course, the question to be asked is: would the Internet be a more secure place if Microsoft wasn't so dominant? Absolutely, and the only reason Microsoft is dominant and will continue to be dominant is if people continue to buy Microsoft products. This ain't rocket science, but it's easier to plop the blame on someone than it is to change.

Back to the Palladium thing: what is scary about this is that Microsoft intends to ram this down the public's throat. Like it or not, if you use Windows, you WILL use Palladium. Oh, and you'll have to like it after all. Chip and computer makers are signing on to help the Palladium effort, as reported in Mr. Levy's article:

Because its ultimate success depends on ubiquity, Palladium is either going to be a home run or a mortifying whiff. "We have to ship 100 million of these before it really makes a difference," says Microsoft vice president Will Poole. That's why the company can't do it without heavyweight partners. Chipmakers Intel and Advanced Micro Devices have signed on to produce special security chips that are integral to the system. "It's a groundswell change," says AMD's Geoffrey Strongin. "A whole new class of processors not differentiated by speed, but security." The next step is getting the likes of Dell, HP and IBM to remake their PCs to accommodate the system.

"It's one of the most technically complex things ever attempted on the PC," says Gartner analyst Martin Reynolds. And the new additions will make your next computer a little more expensive. Will the added cost -- or a potential earlier-than-otherwise upgrade -- be worth it? Spend a day or two with the geeks implementing Palladium -- thrilled to be talking to a reporter about the project -- and you'll hear an enticing litany of potential uses.

Should you be concerned? You had better be. There is something oddly unsettling about viewing Microsoft as a benevolent overseer. All the more reason to stick close to your Macs.

Vern Seward is a frustrated writer who currently lives in Orlando, FL. He's been a Mac fan since Atari Computers folded, but has worked with computers of nearly every type for 20 years.