Is Microsoft Really To Blame For The Sad State Of Security On The Internet?

There's a lot of information and misinformation going around about how secure or unsecure the Internet is, and who's to blame for many of the well-publicized security breaches. I was reading Richard Forno's comments in his "MS to micro-manage your computer" article in The Register, and I also read NEWSWEEK's Steven Levy's report on Microsoft's Palladium effort.

Mr. Forno is taking issue with Mr. Levy's assessment, or lack of skepticism over Microsoft's Palladium plan. Mr. Forno blames the Redmond Giant for the security fix the Internet is in and sees nothing but trouble if Palladium catches on. He says:

Isn't it ironic that the company responsible for nearly every major computer security problem, virus, and backdoor [sic] -- thanks to its poor software development and testing among other factors -- is now heralding its ability to make everything right in a stroke? One might sense this is a manufactured problem resulting from Microsoft's inability to develop effective software in the first place. As is commonly known, the single most significant factor contributing to the dismal state of today's internet security is Microsoft's complacency, rather than hackers, crackers, and pirates. As I mentioned in an earlier article, we're vulnerable because Microsoft makes it so damn easy for the bad guys to cause mischief. (It's also a result of lazy or incompetent system administrators, poor network design, and clueless executives and Congressfolk, but that's another essay.)

I agree with him for the most part. As much as I'd like to, however, I can't heap all the blame for the sad state of security on the Internet on Microsoft. Whether we like to hear it or not, some of that blame belongs to us, the people who buy Microsoft products.

I believe that people, in general, hate change. They hate change so much that they are willing to put up with all kinds of crap just to keep from changing from what they think they know. Think I'm wrong? Take this little test:

  • Think about something you like to do or eat: for instance, let's say that when you drive home, you always take a certain route. The only time you consciously change your route is when something prevents you from taking it.
  • Now, ask yourself why you take that route. You'll come up with some good reasons: shortest route, goes by places you like to see, maybe there's no good reason at all.
  • Finally, ask yourself why you don't take another route. Just because another way is longer doesn't mean it's not worth taking once in a while. How do you feel about changing routes initially?

What I think you'll discover is that you, just like the rest of us, are resistant to change. Marketing people know this, they depend on it, and so does Microsoft. We buy certain products and do certain things, not necessarily because the products are the best or the things we do are the easiest, but rather because we get used to them. We've used the product, or done the deed, before, and we think we know it. Why bother learning something new, we reason, even if by doing so we help ourselves and others?

The problem we now face with Internet security is not just Microsoft's fault; we continued to buy their stuff even though they have demonstrated that they either cannot or will not make a secure product. We make them the big target for hackers, we allow them to use us to test for security holes. To be sure, there is no such thing as a completely secure Internet product, but UNIX has been around for a heck of a lot longer than any Microsoft product and you'd be hard pressed to find the number of viruses and hacks on any UNIX system compared to Microsoft systems.

Of course, the question to be asked is: would the Internet be a more secure place if Microsoft wasn't so dominant? Absolutely, and the only reason Microsoft is dominant and will continue to be dominant is if people continue to buy Microsoft products. This ain't rocket science, but it's easier to plop the blame on someone than it is to change.

Back to the Palladium thing: what is scary about this is that Microsoft intends to ram this down the public's throat. Like it or not, if you use Windows, you WILL use Palladium. Oh, and you'll have to like it after all. Chip and computer makers are signing on to help the Palladium effort, as reported in Mr. Levy's article:

Because its ultimate success depends on ubiquity, Palladium is either going to be a home run or a mortifying whiff. "We have to ship 100 million of these before it really makes a difference," says Microsoft vice president Will Poole. That's why the company can't do it without heavyweight partners. Chipmakers Intel and Advanced Micro Devices have signed on to produce special security chips that are integral to the system. "It's a groundswell change," says AMD's Geoffrey Strongin. "A whole new class of processors not differentiated by speed, but security." The next step is getting the likes of Dell, HP and IBM to remake their PCs to accommodate the system.

"It's one of the most technically complex things ever attempted on the PC," says Gartner analyst Martin Reynolds. And the new additions will make your next computer a little more expensive. Will the added cost -- or a potential earlier-than-otherwise upgrade -- be worth it? Spend a day or two with the geeks implementing Palladium -- thrilled to be talking to a reporter about the project -- and you'll hear an enticing litany of potential uses.

Should you be concerned? You had better be. There is something oddly unsettling about viewing Microsoft as a benevolent overseer. All the more reason to stick close to your Macs.

Vern Seward is a frustrated writer who currently lives in Orlando, FL. He's been a Mac fan since Atari Computers folded, but has worked with computers of nearly every type for 20 years.