Barney's Rubble

Security Stalemate

While Microsoft's dedication to software security should be the gold standard for others, it's a war that the company will never win.

Microsoft is about as out of the security woods as Paul Bunyan. But it isn't for not trying. The company has spent the last 10 years obsessing over every line of code, working with law enforcement to hunt down cyber criminals, cooperating with enemies to build standards for interoperability, and writing Security Essentials -- a free (gasp!) anti-malware tool that's actually pretty good.

That's just the half of it. Microsoft has the Security Response team (which should be legendary) and Patch Tuesday (which is legendary and, quite frankly, puts Apple to shame).

All this, and Microsoft still has little more than a security stalemate. That's got to be frustrating for the fine folks in Redmond.

Put simply, Microsoft is fighting a force that's getting stronger even as Redmond's software defenses likewise gain strength. It's like Ali vs. Frazier on steroids.

Some of the ongoing vulnerabilities are Microsoft's doing. Its software gets larger, which makes sense on the server but not so much on the client, where it presents a larger attack surface. And the churn creates constant new code to attack.

What Microsoft can't stop is the fact that new hackers are created every day, and many are script kiddies who take code written by those with a modicum of talent and simply tweak it and resend it -- oftentimes with success.

Criminals have found there's gold in them thar computers. Often residing overseas, thieves and rogue elements of bad governments are highly organized, and find there's no better target than the most common and best understood style of computing: Microsoft's style.

To make matters worse, authorities by and large aren't serious about hackers, don't have proper knowledge and tools, and have worse funding than Enron in its final hours.

I see Microsoft spending the next 10 years tightening security even further. With sandboxes and virtualization, we might see an exponential increase in protection. But unless governments also get serious about hunting cyber criminals and dishing out real penalties, the war will rage on and we'll still have a stalemate.

The only game-changer could be the cloud. Google just sent me a Chromebook. This thing is all Web. I'm not sure what I think so far, but I do know there are no Windows DLLs, so there's no malware.

That could be the beauty of the cloud. Our clients are safe because they're dumb, and we don't care. Our servers are safer because we don't have as many. And the cloud should be safer because those who run it are 100 percent focused on securing the limited number of apps they control.

Am I dreaming? Straighten me out at [email protected].

About the Author

Doug Barney is editor in chief of Redmond magazine and the VP, editorial director of Redmond Media Group.

