Digital Journal — Imagine buying a car that requires constant fixing. Not that unusual, you say, but how about twice a month? Forget common oil changes; this upkeep focuses on life-or-death vehicle health. This manufacturer asks you do fixes yourself with instructions from the company’s website. It’s free, but constantly interrupts your daily routine.
If you’re a Microsoft consumer, then you’ve been through that never-ending patching. From security holes to server viruses, vigilance is the only answer to overcome the exploits plaguing the ubiquitous products. But Microsoft isn’t one to highlight its weaknesses, which explains why its employees tend to skirt the issue expertly.
When I asked Derick Wong, Microsoft Canada’s senior product manager regarding security, about his company’s vulnerabilities surrounding Windows Server 2003, he replied, “Oh, you mean Patch Tuesday? Hey, it happens. But don’t worry, everything is secure. We know what we’re doing.” He referred to Patch Tuesday casually, implying that the biweekly security updates have become so routine barely anyone flinches.
Wong spoke to me at one of those pat-ourselves-on-the-back events titled “IT Heroes of Innovation,” where Microsoft Canada celebrated the first birthday of Windows Server 2003. Crammed into the glass-encased building’s conference room were eight companies eager to share their Windows-is-great stories. Media professionals seemed poised to spread the carefully crafted messages.
Kevin Hunter, senior product manager of Microsoft Canada, took the podium and said, “IT professionals have told us that they are spending 70 per cent of their budgets on running existing applications and only 30 per cent driving new applications.” With the enthusiasm of an infomercial pitchman, waving his arms, he declared, “Microsoft has a robust offering. Now that’s efficiency!”
Oh, really? Many critics would scoff at that assertion.
Cameron Smears is a tech-savvy PC user who uses Linux as his firewall and router. “I’d rather use a free open-source operating system that is not the target of hackers and shit disturbers,” he says. “I can’t afford to spend hundreds of man-hours patching problems.” Smears thinks hackers target Microsoft because they resent the company, accusing it of being monopolistic.
Microsoft has also been accused of having a soft defence. Only a month after the Server 2003 release, Microsoft released a security patch to fix a vulnerability that could let malicious sites run damaging code on the server.
Phillip Tonnelier, of Linux Canada, blames Internet Explorer, citing how an average Windows user can click on a site that will automatically install a program that eats up hard drive space. (I recently faced such an annoyance when Golden Palace Casino suddenly started booting up every time I turned on my computer.)
Patch announcements are now de rigueur for Windows Server users, and the patch ratings usually hover in the “important” area. “Critical” is reserved for the most serious warnings, when the vendor is truly worried hackers or viruses might be messing with remote systems.
To be fair, Windows Server 2003 does deserve praise for offering its most secure package yet. Wong calls it the “cornerstone of integrated innovation,” adding that a patch can execute multiple updates. Compared to Windows NT or earlier versions, the package improved tremendously: Server 2003 turned off many services by default, thereby preventing easy infiltration by loners who subscribe to Hacker Quarterly.
“This is all about trustworthy computing,” Wong says, dropping a phrase Bill Gates espoused two years ago in a memo to all Microsoft employees. Gates urged that “products should emphasize security right out of the box,” and Microsoft “must constantly refine and improve that security as threats evolve.”
With the worms and viruses spreading across he World Wide Web, this era is one of evolving threats. Gates and company are improving their products undoubtedly, but they haven’t reached that benchmark where Microsoft users can breathe easier.
Back at the Server 2003 birthday party, security holes are rarely mentioned. Instead, companies trumpet their Microsoft triumphs. Web developer Colin Bowern, of InDimensions, switched from Linux to Windows to “be more innovative” with his sites for music groups like The Cranberries, Blue Rodeo and Ziggy Marley. “We can now deliver 99.9 per cent website uptime,” he asserts, adding that cost-benefit analysis encouraged this shift to a Microsoft-friendly option.
It’s no surprise Microsoft can be as confident as it is, considering the pull it has in the IT world. The manufactured birthday party was one “jolly-good-fellow” short of a self-congratulatory ego trip.
But there’s a piece of literature I didn’t see at this perma-smile party: Hacking Exposed: Windows Server 2003, a 538-page instructional book on protecting your system from the “latest widespread and devastating attacks.”
At the very least, it would’ve made a nice conversation starter.
This article is part of Digital Journal’s national edition. Pick up your copy of Digital Journal in bookstores across Canada. Or subscribe to Digital Journal now, and receive 8 issues for $19.95 + GST ($39.95 USD).
