Wednesday, August 25, 2010

Windows Security (part II)

Well it's been about a year since I looked at the Windows security problems:

I thought I'd check in again to see how much progress has been made in securing the operating system.

In a nutshell, not much. Looking at Secunia, Windows XP is now rated at "highly critical" vs "extremely critical." I suppose that's some progress. :)

This week, there's been a "new" line of attack discussed, focused on insecure dll loading. Though it's not exactly new. Microsoft has been sitting on it for ten years without fixing.

On Monday, Microsoft confirmed reports of unpatched -- or zero-day -- vulnerabilities in a large number of Windows programs, then published a tool it said would block known attacks. At the same time, the company said it would not patch Windows because doing so would cripple existing applications.

So in summary, despite having 80,000 employees and billions of dollars in revenue rivaling a small country, Microsoft won't be fixing this security problem. Instead, they will stick a bandaid on it. Predictably, this bandaid won't work any better than the hudreds of other bandaids it's stuck on top of. But since they started off with a bad idea, fixing the bad idea would break backward compatibility. :)

I would predict some real trouble for Microsoft in the future. As a tech company, they've pretty much stagnated.

As far as their core products go, a lot of alternate software is being developed that is both free and in some cases works better. How are they going to be able to compete against "free" in the long run? Can Microsoft Office really do much more than OpenOffice anymore? And each year, the free software gets better, the proprietary software not so much. How much more can a word processor do? What more can an operating system do, besides provide a little clicky button to launch an application, and not be a virus magnet?

I don't see this improving any time soon. Their stock price summarizes it all:

No comments: