bit-tech.net

Flogging the Wrong Dead Horse

Some days, it just doesn't pay to get out of bed. That day might be most days lately if you're part of Microsoft's Secure Windows Initiative group. Particularly after Symantec's two most recent damning reports, it would seem the new OS actually somehow managed to be more dangerous than its predecessor. First, the new network code is untested and therefore exploitable, and now the new User Access Control can be exploited via ActiveX.

I'm all for a more secure operating system, but it almost seems like Symantec is trying to paint Microsoft into a corner. By publicly humiliating Microsoft's touted security efforts, the company seems to hope that the software giant will leave the security ring that it stepped into with Windows Live OneCare.

But is that a good thing? And is that all it is hoping for?

When Vista was in the planning stages and the programming first started, many people spoke publicly about the fact that the networking needed to be redesigned from the ground up. The goal here was to patch the many security flaws that grew from years and years of legacy support for software and hardware gone since shortly after the dodo.

Nevertheless, Microsoft did more than that; the company completely redesigned itself somewhere. Cocooned in its excuse of "We're designing the next big thing," it re-thought its entire outlook and created an entire planning process around more open standards and a tighter focus on security. The first butterfly to emerge from this cocoon? Windows Vista.

"Many people spoke publicly about the fact that the Windows networking code needed to be rewritten from the ground up..."

The funny thing is, everything that Symantec (and others in the security field) wanted Microsoft to do was done, and now Windows Vista is being taken to task for it. The network code is too new and the UAC is flawed. The lack of backwards compatibility is being considered a hindrance and the redesigned code can’t be secure because it is new and new stuff is inevitably not safe. A quote directly from the report:

"Microsoft has removed a body of tried and tested code and replaced it."

Isn’t that what the security firms wanted? Even more importantly, isn’t Vista still in beta? The last time I checked, that would be cause for a bug report, not a public security release.

The only conclusion that I can come to from this public display of (in)affection is a deliberate attempt to disgrace Microsoft. By showing how many flaws could be in the new Operating System, Symantec can show that it is still at the top of the tree when it comes to security. After all, Microsoft is nothing in the security sphere, just look at its record of accomplishment. In addition, what's wrong with pointing out the flaws, anyways?

This is poor ethics at its finest, dear friends and it hurts us, the end users. We're about to reject all of the changes we've been clamoring about for years, all so that Symantec can lay down its marketing ploy.



Back to top

Brett Thomas

Somewhere, somehow, Microsoft actually listened to us: Office is getting ODF support, Vista is running with a few things that have only been on Macintosh platforms for years, the networking has been redesigned to be rid of old loopholes. Hell, Microsoft even released the beta to anyone who wanted to try it, rather than the closed, secretive releases of yesteryear.

"The best company out there to make you feel insecure is the leader of security itself..."

Yet, when we read security report after security report (on a beta, I would like to remind everyone), Symantec erodes our confidence in the attempts that Microsoft has made to turn things around again. All we are left to feel is that another OS is right around the corner, full of holes that one could pilot the titanic, the Mir Space Station, and a herd of elephants through. It’s almost as if it wants you to feel insecure.

Oh wait, maybe that's because it makes every dime off people who feel a need to protect themselves, their data, and their computers from the hole that is sometimes referred to as the Internet. The best company out there to make you feel insecure is the leader of security itself.

It's like "Fox News" style reporting of the IT sector. And as Symantec eventually erodes the relationship with Microsoft so badly that the two companies are no longer willing to communicate, it can blame it all on the release of OneCare and say Microsoft is playing favorites to its own offering.

"It's like "Fox News" style reporting of the IT sector"

I hope this isn't the future of the great "leader of security," where song and dance and parlor tricks become more important than helping us keep our machines safe and sound. Making these "boy cries wolf" releases about a beta rather than working with the programmer is not just tacky, I'd go so far as to call it wholly unprofessional. Fear tactics like this have no business being part of an industry leader's corporate presence.

Symantec is beating a worn out, tired drum, and doing it at what will eventually be the consumer's expense. But hey, if they're so into flogging dead horses, maybe we can find them a use for the left-over corpses.

One of my colleagues had a suggestion for the company:

"Symantec needs to find a new sector - perhaps dog food."