Bill Gates declared last February as the month all Microsoft employees would work at making its software secure.
The problem is that insecurity is part of the deliberate design of Microsoft software.
Here are a few examples:
* VBA Macros. Until Microsoft allowed documents to store macro code, document files were secure from viruses. You could always trust a document. No more. Now virus scanning software takes longer, because every document is suspect.
* Homogeneous software. In the late 1980s, Bill Gates declared that every computer should run Windows. If that dream came true, every computer would be at risk -- as the massive virus outbreaks of 2003 demonstrated. Fortunately, there is still some variation in software. Most palm-size computers use PalmOS; most phone companies ignore Microsoft software; servers tend to run Unix and Linux.
* Registry. In older versions of Windows, hardware drivers and software programs used .ini files to store parameters and settings. INI files were in plain ASCII, thus easy to parse; an error in an INI file affected just the one program. The registry is a foul idea that stores all settings for all software and hardware in a single, vulnerable file. A single error in that monster file screws up the entire computer system.
* Dynamic Link Libraries. There are two ideas behind DLLs: (1) have software take up less disk space by having portions of code used in common; and (2) lock software companies to Microsoft by making it easy for programmers to rely on DLLs. All software has bugs, including DLLs. Some programs included workarounds to deal with the bugs; when a new version of the DLL fixed the bugs (perhaps installed by a different program), the other programs failed to work.
* Outlook. This email software, written by Microsoft, was no doubt the biggest propagator of viruses in the last several years. Its design allowed innocent home computer users to unknowingly inflict countless hours of lost productivity on millions of people.