Escaped Code Red? You may not always be so lucky

In his Observer column John Naughton wrote, "For normal humans, feeling attached to software is as bizarre as being fond of the...

In his Observer column John Naughton wrote, "For normal humans, feeling attached to software is as bizarre as being fond of the tarmac on which we drive."

Naughton's argument is that we have become so accustomed to one software company's view of what should and should not be part of the greater computing orthodoxy that we can no longer see clear, practical alternatives that will allow us to exercise any real freedom of choice.

The Code Red panic again revealed how vulnerable Microsoft's popular Internet Information Server (IIS) is once it is connected to the Internet. Two-thirds of all Web defacements are now centred on IIS. And the software is installed on approximately six million servers.

In advance of the predicted Internet Armageddon on 1 August, there were two million downloads of the fix needed to prevent the worm digesting any unprotected Web servers. Reuters reported that Code Red has already cost its victims an estimated $1.2bn, and the final bill may well be as high as $8.7bn.

The Internet can be a scary place. If you own a Web server, you worry about worms; if you have a mail client, you worry about viruses; and if you are simply browsing the Web from home, you worry if you don't have a personal firewall in place. Much of the time that concern surrounds a single common denominator, your choice of software supplier. The evidence shows that Microsoft, for all its strengths, its gifts of feature and functionality, its consistency and its competitive pricing, still has not found a reliable way of dealing with the Internet-related risks that surround some of its most popular products.

Oliver Roll, Microsoft's director of marketing, says, "You can't plan for every eventuality. Microsoft has the most secure software available in the industry.

"Is the benefit I am getting from choosing this software greater than the risk I am taking?" he asks.

Whether you choose to accept the statement that, "Microsoft has the most secure software in the industry" is up to you. The benefits of Microsoft technology are undeniable, but six years after Microsoft first discovered the Internet should business really be expected to shoulder so much risk, potential or otherwise on such a regular basis and with such a limited recognition of responsibility on the part of Microsoft?

You don't need to be clairvoyant to predict that another big security compromise may be around the corner. If you have been lucky up until now, it is only a matter of time perhaps before software security becomes very personal.

In the words of one source close to Microsoft, "I can see another Babel looming. It wasn't the tower that brought people to their knees, it was the overreaching ambition of what the tower did for them."

Simon Moores is chairman of the Research Group

Read more on Business applications