The Disturbing Precedent of Microsoft
Microsoft is doing much to improve the resilience of its software against cyber attacks. The company should be applauded. Its history should not be emulated.
A recent InformationWeek article states:
...vulnerability disclosures in Microsoft software during the first half of 2008 "continued a multi-period downward trend, both in terms of all disclosures and relative to total industry disclosures." ...
"Because the operating system now has fewer opportunities for vulnerabilities, researchers and malware authors are looking elsewhere," said Jimmy Kuo, principal architect with Microsoft Malware Protection Center. "Vista is a lot harder to attack."
After at least four major iterations of Microsoft's flagship operating system (Windows), one would hope this to be the case. Vista is more secure than its predecessors. Finally.
But therein lies the issue. It is only after Microsoft achieved market dominance that it began to focus on the security of its software. A tad late, by any measure. And a disturbing precedent. Competitive software companies emulate Microsoft's success by releasing software with as many "killer" features as possible in a frenetic attempt to gain market share; security, if any, is an afterthought. It is no wonder that researchers and malware authors are looking beyond Vista. The software market rewards carelessness (or at minimum, lack of forethought), thus promising an unending supply of vulnerabilities to eager attackers.
While Microsoft might certainly revel in a promising trend for the company, it does so only after leaving a field of wreckage in its wake. It also answers an important question about the ability of the software market to self-regulate: consumers will indeed get secure software...once every software manufacturer enjoys 90% market share.