CNET también está disponible en español.

Ir a español

Don't show this again

Christmas Gift Guide
Tech Industry

Here we go again

CNET News.com's Charles Cooper says that after two decades' worth of Swiss cheese software security, the world's biggest supplier of operating system software has run out of excuses.

Here's how my day went: E-mail was the first to go in the morning. Then the phone--a voice-over-Internet protocol system that uses Windows Server software--went down. Just to complete the hat trick, Microsoft Word's cut and paste feature conked out without any explanation.

Misery loves company and I was not alone. For the umpteenth time in recent memory, companies around the globe were sent scrambling to catch up with an Internet worm that penetrated a security hole in Microsoft Windows. As that noted computer scientist Lawrence (Yogi) Berra surely remarked on a similar occasion, it was deja vu all over again.

Recall that more than a year ago, Microsoft made a big production of its determination to put this issue to bed. After getting repeatedly hammered for shipping versions of the Windows operating systems that were vulnerable to nasty hacks, the company let it be known that it had had enough. In January 2002, Bill Gates sent out a well-publicized company memo elevating security to the top of Microsoft's priority list.

The Redmond spin machine did a fabulous job of convincing the world that Microsoft was listening to its customers and working harder to provide better software security. The company proceeded to take the unprecedented step of shutting down software development for an entire month to let its people turn their full attention to the job at hand.

But such is the burden of being a monopolist whose software dominates the world. Companies here and abroad expect this stuff to be bulletproof, not a perennial work-in-progress. Since when should a company receive kudos for fixing something it should have taken care of years ago?

Microsoft has argued that this is hard stuff to master. No doubt. But is it much more complicated than airline engineering or bridge construction?

Since when does a company receive kudos for fixing something it should have taken care of years ago?
Funny thing about expectations. Travelers getting onto planes expect to debark in one piece. When people drive across a bridge, they do so confident about exiting safely on the other bank. If the plane or bridge dumps out halfway, I doubt surviving family members would be consoled by the promise that Version 1.1 will take care of the glitches.

People's lives don't usually ride on the security of operating system software, but a work force reduced to twiddling its thumbs waiting for the IS department to repair a worm's damage doesn't make for a pretty picture.

To its credit, Microsoft did issue a patch for this latest worm after it was a couple of weeks ago. However, I'd do a hard stop right there.

After two decades' worth of Swiss cheese software security, the world's biggest supplier of operating system software has run out of excuses.

If this were the exception rather than the rule, I would agree that the customer should be held responsible for making sure the latest fixes were downloaded onto a company's computers. But after two decades' worth of Swiss cheese software security, the world's biggest supplier of operating system software has run out of excuses. It took scientists less time to map the human genome

Businesses, which rely on the assumption that Microsoft operating systems will stand up to attacks, might have assumed the statute of limitations on making lousy software ran out with the last of the Internet sock puppets. Users should be so lucky.