Stuart McClure 

Jealousy or shoddy workmanship? Why operating system is vulnerable to attack

Stuart McClure: Microsoft has turned from garage startup to what some would call a global monopoly in just over 20 years. And it has done it quickly. Who wouldn't be jealous of this success?
  
  


People have made a living recently taking pot-shots at the largest software company in the world. And why not? Is there an easier target today? Microsoft has turned from garage startup to what some would call a global monopoly in just over 20 years. And it has done it quickly. Who wouldn't be jealous of this success?

But are Microsoft's security ills the result of jealousy or just plain poor programming? The answer is most likely something in between. Windows has grown from around 15m to more than 50m lines of code in just a few releases.

The problem with writing tons of code is that it inevitably introduces more flaws. It is simple maths - the more products and code, the more potential flaws.

Additionally, when more computers come online, and those computers run predominantly Microsoft products, the desire to find flaws in the operating system rises, largely because it has broader impact.

The people who discover vulnerabilities and write viruses and worms choose Microsoft because it is simple to obtain, and easy to install, and by targeting the operating system they can have a dramatic influence in a short period of time.

The open source community has tried to convince the world that it is a better model than the closed source world of commercial vendors like Microsoft.

The theory is that an open source code allows for greater review and scrutiny and thereby reveals more flaws in its design. While this sounds good in practice, it is only a theory. Open source review has yet to be realised in anything over a couple million lines of code, in such programs as Linux. The final verdict may not be in for some time.

Ultimately, the data to support either a "shoddy workmanship" or a "pure jealousy" explanation to Microsoft's security ills has not been realised.

But every vendor has significant security problems, whether they are Sun, RedHat, Cisco, Novell, MacOS, Oracle, or Symbian.

The only question is whether we have found them yet. Keep searching, and demanding that vendors like Microsoft take security seriously. It is the only sure way to make the world more secure.

· Stuart McClure is chief technology officer of Foundstone and co-author of Hacking Exposed: Network Security Secrets and Solutions, the biggest-selling book on computer security.

 

Leave a Comment

Required fields are marked *

*

CAPTCHA

*