Barney's Rubble

Security Stalemate

While Microsoft's dedication to software security should be the gold standard for others, it's a war that the company will never win.

Microsoft is about as out of the security woods as Paul Bunyan. But it isn't for not trying. The company has spent the last 10 years obsessing over every line of code, working with law enforcement to hunt down cyber criminals, cooperating with enemies to build standards for interoperability, and writing Security Essentials -- a free (gasp!) anti-malware tool that's actually pretty good.

That's just the half of it. Microsoft has the Security Response team (which should be legendary) and Patch Tuesday (which is legendary and, quite frankly, puts Apple to shame).

All this, and Microsoft still has little more than a security stalemate. That's got to be frustrating for the fine folks in Redmond.

Put simply, Microsoft is fighting a force that's getting stronger even as Redmond's software defenses likewise gain strength. It's like Ali vs. Frazier on steroids.

Some of the ongoing vulnerabilities are Microsoft's doing. Its software gets larger, which makes sense on the server but not so much on the client, where it presents a larger attack surface. And the churn creates constant new code to attack.

What Microsoft can't stop is the fact that new hackers are created every day, and many are script kiddies who take code written by those with a modicum of talent and simply tweak it and resend it -- oftentimes with success.

Criminals have found there's gold in them thar computers. Often residing overseas, thieves and rogue elements of bad governments are highly organized, and find there's no better target than the most common and best understood style of computing: Microsoft's style.

To make matters worse, authorities by and large aren't serious about hackers, don't have proper knowledge and tools, and have worse funding than Enron in its final hours.

I see Microsoft spending the next 10 years tightening security even further. With sandboxes and virtualization, we might see an exponential increase in protection. But unless governments also get serious about hunting cyber criminals and dishing out real penalties, while the war will rage on, we'll still have a stalemate.

The only game-changer could be the cloud. Google just sent me a Chromebook. This thing is all Web. I'm not sure what I think so far, but I do know there are no Windows DLLs, so there's no malware.

That could be the beauty of the cloud. Our clients are safe because they're dumb, and we don't care. Our servers are safer because we don't have as many. And the cloud should be safer because those who run it are 100 percent focused on securing the limited number of apps they control.

Am I dreaming? Straighten me out at

About the Author

Doug Barney is editor in chief of Redmond magazine and the VP, editorial director of Redmond Media Group.


  • November Microsoft Security Bundle Addresses 75 Vulnerabilities

    Of that number, 13 vulnerabilities are rated "Critical" to patch, while 62 vulnerabilities are deemed "Important."

  • The Future of Office 365 Pricing

    With a raft of new Office 365 features in the pipeline, Microsoft also seems ready to change the way it bills its subscribers. Will it replicate Azure's pay-per-use model, or will it look like something else entirely?

  • Microsoft Offers 1 Year of Free Windows 7 Extended Security Updates to E5 Licensees

    Microsoft is offering one year of free support under its Extended Security Updates program to Windows 7 users if their organizations have E5 licensing.

  • SQL Server 2019 Licensing: How Much Does It Cost and What's Included?

    Microsoft has clarified the more confusing elements of SQL Server licensing and extended major benefits to customers. The catch is that Software Assurance is required to take advantage of them.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.