Just a Thought - David Pogue Points Out The Windows Paradox
by - October 22nd, 2004
In David Pogue's latest column for the New York Times, titled The Security Paradox, he discusses the odd state of affairs Microsoft and its patch update strategy, and the virus ad worm writers who take advantage of the holes in the Microsoft products the patches are suppose to fix.
Mr. Pogue relays a story in which he was surprised to find out that virus writers usually write and release their malware into the wild only after Microsoft releases a patch for it. Because, as a Microsoft manager explained to him, it isn't the script kiddies and actual virus writers who are finding these flaws in the first place. From the article
Instead, what usually happens is that some brainiac at a university or security firm usually finds the hole, and then notifies Microsoft. Microsoft then puts together a security patch, which it releases to its millions of customers to protect them.
Only then do the hackers and virus writers learn about the security hole and how it works by studying Microsoft's patch. The problem is that it takes weeks or months for Microsoft's patch to get distributed to all those millions of customers. (Three weeks after Microsoft releases a patch, only half of all PC users have installed it, according to an expert interviewed by PC World.) The hackers simply beat Microsoft's fix to your PC's front door.
Therein lies the paradox of which Mr. Pogue speaks. You can read the full article at the New York Times.
So, this is yet another validation of the dictum: If you build it, they will come. In this case, Big Redmond builds the patch and then come the viruses and worms.
As Mr. Pogue points out in his piece, it certainly is a noggin scratcher as to why it is that all of the brain power at the command of Bill Gates has yet to figure a way to make its products more secure.
At the same time, don't let anybody tell that it is more secure by virtue of those endless patches; it seems that the more the folks at Microsoft patch, the more they need to patch. In fact, they have patches for their patches.
We can't believe that no one at Microsoft has the answer to its software security problem. It could be that the guys with the ideas to fix the problems are being overridden by those with other agendas, as is often the case in many large companies. Or perhaps the management at Big Redmond is pinning its hopes on Longhorn, much as it did with XP. In the meantime, Windows users, and the rest of the computer using community suffer.
The really sad thing is that, while there are some individuals, governments, and companies who have decided to explore possibilities beyond Microsoft, the unfortunate truth is that far too many steadfastly refuse to even entertain the notion of jumping the Redmond ship. That means that, at least for the foreseeable future, malware writers will have fertile ground to play in.
is a writer who currently lives in Orlando, FL. He's been a Mac fan since Atari Computers folded, but has worked with computers of nearly every type for 20 years.
Most Recent Columns From Just A Thought
- Apple's New Cards: Aces and Kings? - September 14th
- Power to the People - September 1st
- Too Soon To Zune - August 28th
The Just A Thought Archives
- Mon, 6:43 PM
- Apple Fixes Two-Factor Authentication Setup Bug
- Mon, 6:22 PM
- Anticipation and Joy: Abusing Autonomous Cars For Fun
- Mon, 6:10 PM
- Dyn DDoS Attack Shows IoT's Inherent Security Weakness
- Mon, 3:46 PM
- TMO Background Mode: Interview with Author and Podcaster David Sparks
- Mon, 2:05 PM
- Apple Releases watchOS 3.1 with Charging Fix, Message Effects Improvements, More
- Mon, 1:51 PM
- Apple Releases macOS Sierra 10.12.1 with Improved Apple Watch Unlock, More
- Mon, 1:45 PM
- TMO Daily Observations 2016-10-24: DDOS Attacks, Internet of Things, and HomeKit Security
- Mon, 1:20 PM
- Apple Releases iOS 10.1 with Portrait Camera for iPhone 7 Plus, Replay iMessage Effects, More
- Mon, 11:32 AM
- AT&T to Buy Time Warner in $85.4B Deal
- Mon, 9:00 AM
- Shimo VPN Client for Mac: $19
- Mon, 8:00 AM
- How to Fix Apple Watch Contact Syncing Problems
- Sun, 12:04 PM
- MGG 628: Cool Stuff Found and The DNS Achilles Heel