Above the Net
COLUMN
It's Time for Microsoft to Get Serious About Security

  January 21, 2002
  By Doug Barney


The technology industry oohed and ahhed half a decade ago when Microsoft "discovered" the Internet and turned itself around to exploit that medium. The result was not as impressive as the analysts and gullible media led us to believe. As far as I could tell, we got a browser that duplicated what Navigator could already do, a free Web server that had more holes than a Tora Bora mountain and a slight amount of integration between the browser and the operating system. Oh, and Word learned how to recognize Web addresses. Beyond that, the product line stayed roughly the same: operating systems, productivity applications, messaging and database software, and a game or two thrown in for good measure. Now, years later, Microsoft is promising the good stuff: Web services.



Through .Net, we can develop applications that can run anywhere -- on a PDA, native on a desktop or through any old Web browser.

I hope Microsoft can take that conviction and effort, multiply them by 10, and apply them to security. For years we've put up with one security flaw after another. We'd just patch and keep on going, hoping that some day things would get better. Maybe we just figured that all the hackers go after Microsoft because it's the top dog, sort of the way terrorists pick on the United States. The latest snafu proves that Microsoft is not 100 percent serious about security. Now it's time to stop making excuses, and for IT and Microsoft to say, "Enough is enough."

As security wonk Richard Forno so eloquently pointed out ("Who Needs Hackers, We've Got Microsoft", Dec. 20, 2001), Microsoft brought its latest problem upon itself. The company billed XP as God's gift to security. But a key new feature, Universal Plug and Play, blew up in the software vendor's face. This feature, like Sun's now-defunct Jini, lets devices identify themselves and interact. Jini was supposed to do this across the Internet, while Microsoft's stuff is aimed at local networks. What Microsoft saw as a feature, hackers saw as an opportunity. It would be child's play for a clever troublemaker to break into XP and mess with all the attached devices. Sure, Microsoft patched this XP flaw, but it's only a matter of time (maybe even minutes) before someone pokes another hole in the latest version of Windows.

Forno suggests Microsoft take Windows and go back to square one, rebuilding it with security as the absolute No. 1 priority. Without such effort, rivals like Linux will continue gaining share -- and may even start making headway on the desktop.

Network Computing readers seem to be leading this charge. I've received dozens of messages from readers who bailed on Windows and now run various forms of Linux on their PCs.

Sun Leads in Web Services

Security issues like this may be why IT seems to be favoring Sun's Java over .Net for building Web services. Nearly 80 percent prefer Java to .Net, according to Giga Information Group. Of course, Java is older, more mature and at least partially in the public domain. But perhaps more important, Java is truly multiplatform, while .Net is clearly aimed at securing the future of Windows.

Too Close for Comfort

Just how protective is Microsoft of its Windows franchise? The company is going to court to block a tiny competitor from using the term Lindows. Lindows.com is building a version of Linux designed to run Windows applications also. Microsoft argues that customers may confuse Lindows with the real Windows. I'll tell you how to spot the difference. Lindows won't run all Windows applications, but it also won't crash nearly as often. You make the call.

-- Doug Barney, dbarney@nwc.com

