
Microsoft: Typhoid Mary wants others to carry the can

COMMENT Passing the buck is a game at which Microsoft is adept. In the computer security industry, one needs to have tons of chutzpah to hold others responsible for one's own security stuff-ups.

The good folk at Redmond possess this quality in spades.

Probably the best example of chutzpah that I can recall came from a young Bill Gates many years ago when the company was getting off the starting blocks. As Paul Allen, the other co-founder, had also taken up a job as head of software at MITS, the maker of the Altair, Gates argued that since he was working for Microsoft only and Allen was dividing his time, he (Gates) should have 64 percent of the founders' shares and Allen should only get 36 percent.

Shortly after the division was done this way, young Bill went to MITS founder Ed Roberts and got a job there as well, for $US10 an hour. Microsoft's culture has always been defined by Gates.

Scott Charney's comments at the ongoing RSA conference are a good example of the blithe manner in which Microsoft tries to force the rest of the world to carry the can for the abysmal security of its products.

The monoculture otherwise known as Windows is in the main responsible for the plethora of viruses, worms, malware, scumware and other such $wares that plague the internet. DDoS attacks come, more often than not, from armies of Windows machines grouped in a botnet.

Sure, there are other operating systems involved too but they are in a minority. A very small minority. Windows is the main problem and everyone, his/her dog, his/her cat and his/her goldfish is aware of that.

For Microsoft, security has always been a PR problem. A good example of how it goes about conveying this message to the masses is detailed here.

Microsoft is the Typhoid Mary of the internet - with a little twist. The company is fully aware that its products are the problem; Mary Mallon was a carrier of typhoid and was unaware of it.



But back to Charney. The Microsoft security chief wants websites to devise a means whereby infected PCs can be detected and blocked from gaining access to said website. This squarely puts the responsibility for containing the digital equivalent of the bubonic plague - for which Windows is mainly responsible - on website creators.

It's a method of franchising a problem. It's like saying, "we've screwed up but we'd like you to carry the can - for free."

But when people like Charney advance solutions to push the responsibility for $ware onto others, others in the industry bend over backwards and form a cheer squad.

In this instance, we have Howard Schmidt, cyber security coordinator at the White House, saying Charney's "self-healing, self-detection, self-solving of consequences model" has merit.

And, of course, we have Microsoft's faithful acolyte, Symantec, saying, through its chief executive Enrique Salem, that "everyone has a role".

Australia's Internet Industry Association, a lobby group for the big ISPs, has also decided to carry part of the burden for Microsoft by setting up a website called icode which carried instructions for de-infecting one's PC. An infected PC is redirected to the icode homepage by an ISP. The icode project kicked off in December last year.

This will not fix the problem. No, it will only encourage more casual security practices by software vendors - after all, someone is out there with a safety net.

There's cause - in this case poor security in Windows - and effect - the various $wares. Dealing with the effects is of no use. If you have a cut on your hand and develop a fever as a result, there's no point treating the fever. Get rid of the cause - the cut - and the fever will disappear.

I'm waiting for the day when Microsoft gets serious about dealing with security problems in its products instead of calling on the equivalent of vassal states to do its job. Somehow, I suspect it won't come in my lifetime.





Sam Varghese


A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.