Exclusive research into the viability of Microsoft security
The past 12 months have witnessed a worrying escalation in the number of vulnerabilities that can lead to internet-based attacks on organisations and compromise their information infrastructure.
2002 was also the year that saw the launch of Microsoft's Trustworthy Computing initiative, a significant re-purposing of the company's strategy, which now places security as the principal priority in all its products, changing it from an optional setting to a default, in order to meet the twin challenges of information risk management and internet crime.
Recent threats, such as SQL-Slammer in January and a critical Win2000/IIS vulnerability in March, have exposed potential vulnerabilities in Microsoft's products, the difficulty in deploying them securely, and the challenges of keeping them secure as threats evolve over time.
While the company offers an ambitious vision of a more secure future through the next generation of Microsoft products, to achieve a higher degree of market confidence in Trustworthy Computing, the company has to find ways of tackling the many thousands of published and unpublished vulnerabilities. These can potentially compromise millions of unpatched legacy products running under licensed and unlicensed versions of Windows 95, Windows 98 and Windows NT across the globe.
The devil in the detail
Are Microsoft products more vulnerable than the alternatives and, in particular, those available from the open source community?
Independent research now suggests that the accusation of generic weakness in Microsoft's products, when contrasted with Linux, is statistically exaggerated. Microsoft's market share makes it proportionally the biggest victim of attacks, but the argument used against the company is equivalent to insisting that Fords are statistically less safe than Ferraris because a greater number of accidents involve Fords.
The results of the most recent Symantec Internet Threat Report illustrate how internet threats have intensified and evolved in many ways while remaining relatively stable against other criteria. Although the overall number of attacks decreased last year, the number of vulnerabilities rose alarmingly. Symantec documented 2,524 new vulnerabilities in 2002, up 81.5% from the previous year.
Simon Moores is director of www.zentelligence.com
This was first published in April 2003