By and large we live in a world of standards. Wouldn’t it be a drag if we had to buy a new faucet each time we bought a new garden hose? Or a new electric outlet whenever we bought a new refrigerator? We live in a world of standards, and this is no more true than in the PC industry.
Your PC is built on many interchangeable industry parts. You can pull the hard drive out of your system, and throw it in virtually any other computer and it should work flawlessly. You can plug a whole host of devices into the USB ports of your
PC, and the PC will automatically detect them and work with them. And of course, you can load any Windows program into your PC, and it will work. But at the same time, what if the standard has a weakness, a tragic flaw? In the case of Windows, despite all of its goodness, it has a fatal flaw. A big one. The security in Windows is unacceptably weak. It is the reason that viruses exist, and a whole spyware/adware industry has risen to exploit Windows security hole. Millions and millions of dollars are being made by people sneaking software onto your PC without your permission. Worse yet, unscrupulous people can sneak into your house, and install a surreptitious program called a keylogger that will transmit everything you do back over the internet, all without your knowledge.
Billions and billions of dollars are being made by companies like McAfee, Symantec, and Computer Associates helping the public deal with the growing menace, but one has to ask the question. Why the heck doesn’t Microsoft just plug the security hole? After all, Microsoft is one of the smartest and wealthiest companies in the world, and run by the richest man in the world. Can’t Bill Gates just snap his fingers, and it would be done?
Of course, it isn’t that simple. Microsoft made an attempt to improve the security situation with Windows XP back in 2001. Each user would have their own account, and the privileges of each account could be managed by the adminstrator. It certainly was a step in the right direction. In this way, Junior could download some spyware onto the family PC, but it would only effect Junior. Mom and Dad could continue to use the family PC spyware free. Of course, it did not address the entire issue, but at least it was a start.
What was the ramification of XP’s security model? I would bet that more than 90% of home and small business users run as administrator. In effect, they/we are bypassing the only security XP is offering us. Why would we do that? Because it is easier. Let’s back up. Starting in the early 90’s, millions and millions of software packages have been written for Windows. If a software company wants to be successful, they have little choice but to develop their software for the Windows platform. The problem is that many of these software companies have written code that uses the very same Windows security hole to do perfectly legitimate things. These are not a handful of applications but many of the most common PC applications such as security products and games by names such as McAfee, Computer Associates, and our products at PC Pitstop. So this is the reason that we run our PC’s with administrative privileges. And this is the same reason why Bill Gates cannot just snap his finger and the security hole is plugged. By plugging the security hole completely, Microsoft would break many popular PC software applications that we use every day. Windows depends on the ENTIRE universe of software in order to be successful. As soon as they start breaking software applications, it opens the door for Mac’s and Linux. The humungous Windows software installed base is what makes Windows so successful but it is also a 200 billion ton weight around Microsoft’s neck that does not allow them to change their flagship operating system.
And now we have Vista coming around the corner. What do we want Vista to do? Of course, plug the security hole.
However, if Microsoft fully plugged the security hole, it would break a lot of popular software applications. In order to avoid this dilemma, Microsoft would have to communicate long before the Vista launch, the impacts on the software industry. At Pitstop, we write software and also work with many other security software companies. None of us have heard anything. My conclusion is that Vista may be many things, but one thing it will not do is fix Window’s largest flaw – security.
What should Microsoft do to fix the security problem? Read Rob’s column next month.