Microsoft recently announced its plans to buy the anti-virus software maker Sybari Software to beef up security features in its Windows operating system. This is the third major security-related acquisition by Microsoft in the last few years and has sent jitters to anti-virus software vendors such as McAfee and Symantec. This move by Microsoft also indicates bundling of security features in all its future products including Longhorn to be released in 2006.
Microsoft Windows has always been the victim of virus and security attacks. Notable ones being Code Red worm released on July 19, 2001 which exploited vulnerability in Microsoft Internet Information Server, affecting more than 250,000 computer systems in less than nine hours. Released on January 25, 2003, Slammer exploiting vulnerability in Microsoft SQL Server 2000, spread with astonishing speed, infecting 90% of all vulnerable computers on the Internet within 10 minutes. Similarly W32/Blaster worm exploited Windows vulnerability and attacked more than 7,000 computers in minutes of its release on black Monday, August 11, 2003.
In its recent security bulletin, Microsoft warned computer users of eight new critical-rated flaws in its Windows, Office and other software products. By giving priority to ease of use in its Windows operating system, Microsoft has left security holes in its operating systems through sloppy code. As soon as a security attack is detected, Microsoft normally issues patches that plug the vulnerability. However, it has realised that the attackers soon discover other vulnerabilities and exploit them.
n its bid to bolster the security features of its operating systems, Microsoft has released a built-in Firewall in its Windows XP service pack 2. Typically Firewall, which consists of a set of hardware, software and security policies that determine which traffic should be allowed or disallowed, is deployed at the perimeter of the organisations' network. With built-in Firewall, Microsoft is moving the Firewall from the network to the desktop computer. Configuring the Firewall with policies is technology intensive. Normally the network administrators do this job on the network Firewall. Very few of us know how to configure the Firewall on our desktop computer running Windows XP.
With the recent acquisitions, day is not far off when Windows XP service pack 3 will be released which includes even anti-virus software! Normally anti-virus software, much like a Firewall, is installed on the network and is managed by network administrators. With all the security features bundled in to desktop operating system, Windows is becoming bigger and resource hungry! Soon you will find your Pentium 4 becoming sluggish to even run the operating system, forget about other applications! While it is impossible to produce software which is one hundred percent error free and reliable, poor software engineering practices and the pressure to release code on time due to market pressures have resulted in this alarming situation faced by Microsoft.
It is time that the software developers and code writers took responsibility for their code and adopted good software engineering practices to build robust systems. What are the possible solutions for victims such as us, the Windows users? Due to the strong network externality effects, it is very difficult for a desktop Windows user to switch to an alternative operating system such as Linux which reportedly has lesser security vulnerabilities.
However, network administrators can give it a try. Though open source server operating systems such as Linux or Unix are complicated to administer and maintain compared to Windows 2000/2003, a move towards running mission critical services on non-windows platform reduces vulnerability of at least the servers of the organisation. While the recent moves by Microsoft spells death knell for security vendors, whether bundling of security products in its operating system will take Microsoft to court as was the case with its media player is an open question!
No comments:
Post a Comment