Microsoft security--no more second chances?

CNET News.com's Charles Cooper says the software maker is running out of excuses for a history of poor security.

Charles Cooper Former Executive Editor / News
Charles Cooper was an executive editor at CNET News. He has covered technology and business for more than 25 years, working at CBSNews.com, the Associated Press, Computer & Software News, Computer Shopper, PC Week, and ZDNet.
As if Homeland Security Secretary Michael Chertoff didn't have enough on his plate.

Not only has he had to deal with Katrina and Osama. Now he's also got to whip Steve Ballmer and the crew at Microsoft into shape. If past is prologue, that last task may be the most daunting of all.

In a remarkable declaration earlier this week, the Department of Homeland Security--a bureaucracy set up to deal with stuff that generally falls under the category of national emergency--called on all users of Windows software to install a new security patch issued by Microsoft.

This wasn't your garden variety flaw. The fear in Washington was a repeat of something like the chaos caused by the MSBlast worm in 2003.

By now, Chertoff's people must be thoroughly frustrated that Microsoft still turns out poorly designed products. What with terror plots being uncovered overseas and threats of airline bombings, cybersecurity obviously is not the top headline this week.

But the threat of a network meltdown has not disappeared--especially when flaws so regularly turn up in Windows, the computer operating system most people in this country use.

The Microsoft monoculture is a fact of life in government and corporate circles. And that comes at a price in the coin of vulnerable computer security.

Microsoft contends that the situation is improving and that it's doing the maximum to make sure that Windows and the other software products it sells go out the door with as few problems as possible.

Each month, the company issues a security update in which it patches problems. And every Microsoft spokesman within earshot can be counted on to solemnly pledge the company's maximum effort.

It's a familiar refrain.

Ever since Bill Gates announced Microsoft's Trustworthy Computing initiative four and a half years ago, the company says it has reshuffled its development priorities. Cool new features were to take a backseat to improved security and privacy.

Yet the problem lingers. In the last three years, Microsoft has issued an increasing number of yearly security bulletins, in which several patches get put online to fix problems in existing applications. The company sees this as evidence that it's on top of things, not an indictment of managerial incompetence.

If you want to find someone to blame, Gates says, point a finger at the "malicious people" out there looking to "take advantage of whatever things there are."

What did you expect him to say? That it's Microsoft's fault? That would be too hot to handle. Gates and the rest of the brass stick closely to the script but clearly know that Microsoft can't keep turning out finished products that are as porous as Swiss cheese.

Defenders will argue that it's unfair to demand perfection from Microsoft; that software is an imperfect art. And besides, they add, is the Mac operating system or Linux bulletproof? Clearly, the [...] when "Patch Tuesday" rolls around. Another few holes get closed with a magic Microsoft download, and we're safe (unless the bad guys first found a way to burrow into our systems).

Here's something to consider: If bridge builders or airplane designers applied the same standards to their labors, do you believe that the public would so easily forgive the regularity with which bridges would collapse and airliners fall out of the sky?