Mark Morford has written a little article on SFGate entitled = "Why does Windows still suck?”. Mark appears to be getting backed up by Ken Fisher at Arstechnica among others. In Marks article he complains that Windows is garbage because there is so many attacks against it, viruses, spyware, trojans and the like. Here are some really nice quotes:
“Why is there not some massive revolt, some huge insurrection against Microsoft? Why is there not a huge contingent of furious users stomping up to Seattle with torches and scythes and crowbars…” “…demand for Bill Gates' cute little geeky head on a platter.”

Now I’m completely biased here, so I’ll just state that up front. But what I’m really getting frustrated with is why nobody seems to express the same sort of outrage towards the actual ‘cause’ of this problem: the criminals, no cyber terrorists, that are committing these acts. I don’t hear the same chants of ‘hunt them down, and string them up.’ I apologize in advance for the analogy, but it seems to me that if terrorists attack your country and your infrastructure, you certainly have a right to demand that your government do more to improve security, but you also have to realize that the actual crime was committed by the terrorists (not your government) and you need to put as much emphasis in going after them as you do in beefing up security.

Just to carry tired analogies further: It’s a dangerous world, getting more dangerous all the time. If someone breaks into your house and steals your stuff, sure your frustrated. Maybe you march right up to the Mayors house and demand his head on a plate. Or maybe you go after the company that built your house. Never mind that you left all your doors and windows open. Never mind that the newspapers warned of a robbery ring in town, or that police handed out free dead bolts just a month earlier that you were too lazy to install. Or that a community group offered you a free security system and you declined. Or that you voted against a tax increase to fight burglary.

Ok now I’m just rambling. I guess my point is just that we all need to share some responsibility here to fight against these attacks. Lets face it they are not just attacks on us as individuals or attacks on Microsoft. They are attacks on our society as a whole. This form of terrorism costs countries and ultimately you and I, billions and billions every year. It weakens our infrastructure and our economy. We should take these attacks seriously and see them for what they are –terrorist acts. When was the last time you read about a virus writer, malicious hacker, or illegal spammer getting more than a slap on the wrist for his or her crimes?

If you think that this is entirely Microsoft’s fault then you are being very naive. If you think that Linux and Mac are perfectly secure, then by all means switch. Security by obscurity will work for awhile, but I reserve the right to say “I told you so” in a couple of years. The fact of the matter is that no system is perfectly secure, or will ever be. This problem, like most in the world unfortunately, is just not as simple to solve as singling out one guy and saying “off with his head”.

I agree with you totally, and was also considering biting my tongue on making a post. The comments on Slashdot were predictably dumb and uninformed. Windows XP is the best piece of work Microsoft has done. How are people still claiming it sucks?

This is equivalent to the FUD articles talking about how "spyware invades your PC, etc. etc." It doesn't happen automatically, people! There is no accountability in any of these articles to say "DON'T click on ILOVEYOU.EXE", or download KaZaA! The reporters aren't interested in solutions. They just want to complain and spread fear. But this is nothing new.

There are basically no details in this article. It's nothing new that if you run your computer on the internet without a firewall or NAT device it is going to be hacked. This was well known years ago, and is why any modern DSL, Cable or WiFi device has NAT built in. So was something like this used for her laptop? Secondly, what OS was she running? XP SP2 comes built in with a firewall, and would presumably not have these issues - so does Windows "still suck"?

This is just such a classicly poor journalistic piece. She's running an admittedly old laptop, probably with Win98, on broadband without a firewall. Why doesn't he mention that SP2 has a firewall, or that you should install ZoneAlarm (which is free) or get a hardware NAT at home? Nope - It's just MS's fault.

When you have 95% of the PC users, you are the biggest target, so there are the most number of people trying to write apps to exploit your OS. Just like your platform has the most of games, filesharing apps, divx codecs, etc. And Windows isn't alone in security problems, Mac and Mozilla also had the recent jpeg bug. I wouldn't put a stock Linux or Solaris box on an unsecured broadband connection either...

As market leader, I think Microsoft does need to take more responsibility for these security issues, however. There is still no setting in Outlook Express to not load remote images in emails (called web-bugs). IE still doesn't have decent popup blocking built-in (many of these pop-ups lead to spyware and are basically spam). They should have acquired Zone Alarm a year or two ago and integrated it.

Microsoft does seem to only add features to their software that a) they can charge for, or b) screw their compeition, and so in this way they have no reason to improve their browser, os or free email client. Then again, they're a company, and it's a rare company that doesn't live and die by this philosophy.

Fortunately, competition is now pushing them to improve the security of their products, and SP2 is a step in the right direction. I hope they keep it up.

I read the article the other day, and as is typical of news these days, it takes to flaming one company in order to increase their page views.

I completely disagree that getting you computer hacked is terrorism. That's just hysteria! If someone breaks into your house, steals your credit card and buys stuff, is that terrorism? No. It is a crime, and should be punished. Labelling something "terrorism" or "terrorists" is the new Hitler. Guilt by attempted association and appeal to emotion.

MS makes the largest platform out there, so of course there are going to be a disproportionate number of attacks against it. But you can't claim that the Mac or Linux or Firefox is security by obscurity... it's security by correct design: you don't let arbitrary ActiveX controls automatically download themselves and run locally with full priveledges! That's the design choice that the IE team made! Talk about complete incompetance!

As more of the world moves online, you get a larger group of people without deep computer knowledge. This is exacerbated by the fact that software and hardware are getting vastly more complex and powerful. How can these people be expected to become computer security experts simply because the IE team is criminally negligent?

The car analogy: Am I supposed to know every detail of a car's engine and braking system when I drive? Can't I just expect that government regulations and the car companies have certified my car's safety? Having a safe vehicle with locks and alarms and regular maintenance doesn't prevent the car from being stolen, but it does raise the bar. If it does get stolen or broken into, the people that did it are bastards, not terrorists. If the car company makes a bad design and people get hurt, that's negligence and they get sued.

Car, door, window locks are obvious things. Computer and network security are in no way obvious, like the operation of my car's engine or braking system. I wouldn't know what to look for there. If people get a wireless router for NAT and firewall, there are still loads of setting (SSID broadcast, MAC filtering) that they wouldn't understand. They are just relieved that it works.

If IE (and outlook, with mail attachment handling) had been designed properly in the first place, then maybe you could blame people for doing something stupid, like leaving the keys in the ignition. But when the keys are built into the ignition (you know, for convenience), then you blame the car company.

Just to be clear, I don't like all the rabid pro/anti articles, but I think that MS really dropped the ball on security and is only now doing something about it. Unix systems (Mac, Linux) were built so that you don't run as root, to name just one example. That doesn't mean that Windows sucks, I certainly don't think it does. It just means that people have to learn more about security than they should in order to use Windows safely. That, and never use IE.

A good point that John and I talked about last night is that technology has increased the ability of people to do harm: a car burgaler can steal only a limited number of cars per night, but a virus writer can do damage to millions in the same period of time with one bad web site.

Punishment should be dispensed in proportion to the damage done (with all the usual accounting for intent, past behaviour, etc).

I think people are mad at virus writers but we don't know where they are. Bill Gates on the other hand I can find. Microsoft is simply a target of oportunity here. They also suffer as Paul said because there is a preception that there code is insecure. As a "MacHead (tm)" you should probably take what I say with a grain of salt but I think Paul was on the money with his observation. Microsoft makes BILLIONS on thier software and if you sell a car with faulty locks then perhaps you deserve some critisism. Can I fix this. In some cases sure (Firewall router etc) but if I can do it why couldn't it have just come that way in the first place. Also just because I can solve some of these problems doesn't mean my grandparents or mechanic can.

Is this all Microsofts fault, no. Is XP better than windows xx, Sure. I could crash my NT machine at work in about 15 minuites back in the day if I wasn't carefull. Criminals need to be hunted down and treated like criminals but it's not like their's not plenty of blame to go around and when your making billions of dollars and it's your code in the getting hacked in the news don't be suprised when people get peeved at you.

Name:

Captcha:

Comments:

All links will be marked with the nofollow tag, making them useless for search rankings. Any posts containing spam URLs will then be deleted.