Microsoft products are a grave threat to global security

Let’s stop pussy footing around and just come out and say it. This is no longer an issue with one or two things not working properly on your Windows machine or the random behaviour issues that ultimately turn out to be something as innocuous as a corrupt setting or as serious as a Trojan.

This is an issue of whether Microsoft has handled the position of being the premier software development company in the world by making sure their products, and therefore their customers, are safe from complete annihilation at the hands of unscrupulous individuals.

Short answer : No!
Long answer : Hell no!

Virtually all software have some form of defect. Some minor in the scope of potential consequences that can lead to unexpected or annoying behaviour. Others so serious that, if the rest of the network is homogeneous, could lead to the downfall of an entire IT department. What makes Microsoft as serious a threat as it is, is the proliferation of its software. The sheer ubiquity of its products have given any microscopic defect a macroscopic scope of disaster by virtue of shared vulnerabilities.

Adding to this is the unspoken MS rule of thumb : Let’s ignore the 800 pound gorilla in the room.

The Gorilla in question is, of course, security. And by ignoring it, I.E. sending patch upon patch to the same defective core principles, MS has done virtually bupkis for the legions of users who are running their products. Whether you’re using only Windows, Exchange, Win Server,  SQL Server or some combination thereof.

You can put lipstick on a pig, but it ain’t goin’ to get any prettier.

What’s worse, Microsoft has socially engineered its customers into not updating. Probably because of ridiculous encounters such as the following in Vista as detailed by Shannon.

Imagine my surprise (which quickly turned to ire) when the update ended, and out of about 50 updates, listed 3 as having “succeeded” and 47 as having “failed”, along with three separate error codes, all unknown to Vista. I rebooted as per the instructions, and when the OS booted, it entered an infinite loop of “Reverting changes” and rebooting. I couldn’t find a way to halt it, so I had to reinstall the OS from scratch and try again.

Reformat, reinstall, run update…lots of errors, reboot, infinite loop. Sonofabitch.

Thankfully, he’s a computer expert. And was ultimately able to wrangle the OS by the Longhorns and get it to complete the updates. But that will never be the case with the vast majority of computer users who want to actually use their computers rather than waste their precious time on updates. 

This invariably leads to countless machines out there in the care of handlers without the time or the patience to apply these updates. And what is the end result? Supercomputers at the hands of criminals. You would think that those who are novice computer users or those who do nothing to secure themselves are falling victim botnet recruiting tactics. On the contrary. Otherwise computer literate individuals have also been affected by the multitude of patches MS needs to release on a regular basis.

Vulnerabilities go unpatched, and botnets rise. It is no surprise, then, that the vast majority (if not all) botnets are composed of Windows machines. The multitude of Windows systems out there that may also have other MS products installed (and the fact that many are unpatched as per above) make it the ideal target if one were so inclined to raise an army of virtual drones in a matter of months or even weeks.

And this brings us back to the afore mentioned global threat. Botnets aren’t just being used to send spam. Some of them may have fallen into the hands of other intelligence agencies or even terrorists who could use these machines to breach government systems. Which, for the most part, are also composed of Windows machines. 

In an age where even the U.S. military has fallen victim to poorly secured systems what chance do the rest of us have if our primary providers of software are less than willing to abandon flawed protocols when it comes to developing their products?

Some of you may argue that it’s unreasonable to criticise Microsoft for the blame that can be easily shifted to end users. But Microsoft has placed itself at an unreasonable position above the food chain for software, which makes it rather difficult, even today with the proliferation of alternatives, to avoid them altogether.

Willingly or not, it is in the same position as the seat of power of a crumbling empire. By virtue of being vast and being unable to control its frontiers, it has let down the people it serves. Any future advancements the company will still leave the vast majority of unpatched and older systems out there still vulnerable. Unless Microsoft has some sort of buy-back program for defective products.

2 thoughts on “Microsoft products are a grave threat to global security

  1. wrangle the OS by the Longhorns

    A+ for this brilliant rhetoric, good sir!

    The recent news that the Air Force had contracted Microsoft to build the most secure version of WinXP ever released for deployment by the entire branch was encouraging. But it will also serve as a final test as to whether or not Microsoft can, in fact, design and implement its software in a secure, hardened, and still easily accessible fashion. If they can’t procure something up to US military standards, then it could very well be the nail in their coffin.

    • Thank you sir!

      Wow, I didn’t know about the Air Force XP version. Shows I’ve been in a cave all this time.

      I just looked it up and it seems we won’t be getting a taste of that any time soon. Air Force only.

      They seem to have delivered so far and the number of penetration attempts and support calls have plummeted. But only time will tell if it’s really up to par.

      Meanwhile, they could have gone with a locked down version of Linux and built a distro in-house. But that’s another topic.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s