Microsoft: Typhoid Mary wants others to carry the can

COMMENT Passing the buck is a game at which Microsoft is adept. In the computer security industry, one needs to have tons of chutzpah to hold others responsible for one's own security stuff-ups.

The good folk at Redmond possess this quality in spades.

Probably the best example of chutzpah that I can recall came from a young Bill Gates many years ago when the company was getting off the starting blocks. As Paul Allen, the other co-founder, had also taken up a job as head of software at MITS, the maker of the Altair, Gates argued that since he was working for Microsoft only and Allen was dividing his time, he (Gates) should have 64 percent of the founders' shares and Allen should only get 36 percent.

Shortly after the division was done this way, young Bill went to MITS founder Ed Roberts and got a job there as well, for $US10 an hour. Microsoft's culture has always been defined by Gates.

Scott Charney's comments at the ongoing RSA conference are a good example of the blithe manner in which Microsoft tries to force the rest of the world to carry the can for the abysmal security of its products.

The monoculture otherwise known as Windows is in the main responsible for the plethora of viruses, worms, malware, scumware and other such $wares that plague the internet. DDoS attacks come, more often than not, from armies of Windows machines grouped in a botnet.

Sure, there are other operating systems involved too but they are in a minority. A very small minority. Windows is the main problem and everyone, his/her dog, his/her cat and his/her goldfish is aware of that.

For Microsoft, security has always been a PR problem. A good example of how it goes about conveying this message to the masses is detailed here.

Microsoft is the Typhoid Mary of the internet - with a little twist. The company is fully aware that its products are the problem; Mary Mallon was a carrier of typhoid and was unaware of it.



But back to Charney. The Microsoft security chief wants websites to devise a means whereby infected PCs can be detected and blocked from gaining access to said website. This squarely puts the responsibility for containing the digital equivalent of the bubonic plague - for which Windows is mainly responsible - on website creators.

It's a method of franchising a problem. It's like saying, "we've screwed up but we'd like you to carry the can - for free."

But when people like Charney advance solutions to push the responsibility for $ware onto others, others in the industry bend over backwards and form a cheer squad.

In this instance, we have Howard Schmidt, cyber security coordinator at the White House, saying Charney's "self-healing, self-detection, self-solving of consequences model" has merit.

And, of course, we have Microsoft's faithful acolyte, Symantec, saying, through its chief executive Enrique Salem, that "everyone has a role".

Australia's Internet Industry Association, a lobby group for the big ISPs, has also decided to carry part of the burden for Microsoft by setting up a website called icode which carried instructions for de-infecting one's PC. An infected PC is redirected to the icode homepage by an ISP. The icode project kicked off in December last year.

This will not fix the problem. No, it will only encourage more casual security practices by software vendors - after all, someone is out there with a safety net.

There's cause - in this case poor security in Windows - and effect - the various $wares. Dealing with the effects is of no use. If you have a cut on your hand and develop a fever as a result, there's no point treating the fever. Get rid of the cause - the cut - and the fever will disappear.

I'm waiting for the day when Microsoft gets serious about dealing with security problems in its products instead of calling on the equivalent of vassal states to do its job. Somehow, I suspect it won't come in my lifetime.





Sam Varghese


A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.





