Monday, March 15, 2010

Face Paint Artistry! Extra Creepy! By James Kuhn.

Microsoft sent out a patch March 9 for security holes in Office Excel and Windows Movie Maker. Recent reports also suggest that a zero-day vulnerability is currently being used to attack Internet Explorer 6 and 7, allowing malicious hackers to run remote code.

The software giant said it's aware of problems affecting computers because of the IE flaw. But it's just another in a long line of vulnerabilities that have yet to be patched in IE, Windows and several other Microsoft products.

Security has been an enormous issue for Microsoft throughout the years. As its software became more popular and as hackers became more sophisticated, Microsoft customers were being targeted at an astounding rate.

It has gotten so bad that some folks have opted for other operating systems and third-party software to try to reduce their chances of being hit by a hacker attack that could compromise their data and their identities.

In recent years, Microsoft has done a slightly better job of addressing security issues. Unfortunately, its efforts haven't been good enough. Security problems still persist in Microsoft products and the chances of them being eliminated in the near future are slim. Here's why:

1. Microsoft is a major target

If there's any company that malicious hackers can't stand in the tech industry, it's Microsoft. Many view Microsoft as a dominant company that has gone out of its way to keep other companies down. It's not good for Microsoft. Because the company has such a huge target on its back, more and more hackers are looking to pile on. Microsoft needs to temper its image as the mean, aggressive, 1,000-pound alpha gorilla in the software industry. I'm sure Google would gladly help it achieve that goal.

2. Windows is an easy target

Windows is a nightmare when it comes to security. The operating system is filled with holes that, over the years, have been patched with varying degrees of success. Windows 7 is the most secure operating system Microsoft has released to date, but it's probably rife with flaws that Microsoft hasn't heard of yet. And no doubt hackers are ceaselessly searching for them. Unless Microsoft does something drastic with the next iteration of Windows, its operating system woes will likely continue.

3. The competition isn't big enough

Make no mistake, most security attacks are about money. Malicious hackers steal sensitive information, coax people into downloading malware or fool users into phishing scams because there is money to be made with each exploitation. Currently, the best place to exploit users is on Windows, since it has the most users. Mac OS X might have holes that hackers can exploit, but there are too few users running Apple OSes. If they want to make big money, hackers need to target Windows and its huge user base.

4. The company ignored it for too long

Microsoft ignored security issues for too long. Windows XP was one big security hole when it first launched. Only after two XP service packs were released did Microsoft finally address the concerns of the entire security community. When Windows Vista was released, Microsoft committed the same errors. Windows 7 is much better than its predecessors, but it's already too late. By ignoring security problems in the beginning, Microsoft is playing an unending game of catch-up with hackers.

5. Legacy issues

As the recent security outbreak in IE 6 and 7 has shown, Microsoft still has trouble with legacy products. Even though it's on to Internet Explorer 8 and Windows 7, there are still millions of people using outdated and less secure software from the company. Unfortunately, Microsoft can't watch all of the services it has ever offered and the bad guys know it. If Microsoft wants to improve its security track record, it needs to deal more effectively with legacy-product use.

6. Where's the focus?

At this point, Microsoft is so concerned about Google and Apple that it has allowed its focus in other areas to slip. It's a problem. As a company that's delivering several high-volume products across a wide array of industries, Microsoft needs to be able to confront issues that will undoubtedly come its way. So far, it hasn't done a good job of addressing security. Microsoft needs to focus more on security if it wants to make its services safer.

7. Microsoft is usually a step behind

It seems that Microsoft is typically a step behind hackers. Rarely do we hear of the company addressing security issues prior to an outbreak. On too many occasions, it patches its software only after finding out that users are being affected by attacks exploiting a hole. If Microsoft truly wants to address its security troubles, it needs to stay a step ahead, not pick up the pieces after malicious hackers achieve their goals.

8. Users can't be trusted

Unfortunately, not enough Windows or Internet Explorer users are aware of the security issues that go along with surfing the Web or downloading files to the desktop. They simply go out in the wild doing whatever they want in the incorrect belief that they will be safe. In some cases, Microsoft can't really be blamed for security problems. Sometimes, it's the novice user who doesn't know enough about security to stay safe. Security education is important.

9. Hackers are more sophisticated than ever

Microsoft hasn't just stood still over the past few years as rivals such as Apple pelted it over its security issues. Steve Ballmer and company have been actively working to improve Microsoft's many products. And yet, it's still fighting an uphill battle. Unfortunately for Microsoft, hackers are more sophisticated than ever. They know how to exploit users. And they have a better understanding of what it takes to exploit Microsoft products. It isn't good.

10. Few consequences

In the past, Microsoft has suffered few consequences for the security issues its products have faced. Apple has railed against Windows in ads and numerous security critics have spoken out against the company, but Microsoft has continued to enjoy billions of dollars of profits through the years even as security problems continue to plague its services. Windows is also still the chosen operating system in the enterprise. Until Microsoft really sees an effect on its business from security problems, the impetus to dramatically improve its security initiatives just isn't there.

Source Citation
"10 Reasons Why Security Problems Persist at Microsoft 393766." eWeek (2010). Computer Database. Web. 15 Mar. 2010.
Document URL

Gale Document Number:A220826201

No comments: