
Langa Letter: Enough Already: Microsoft Must Change

Fred Langa wonders if Microsoft will do what it takes to greatly improve its software development processes and improve its product security.
A Two-Part Solution
To me, it appears that the problem of security on the desktop will require two simultaneous changes. First, all software vendors--but most especially Microsoft--have to heed Bob Evans' call (see "Secure Computing Must Move To The Front") and step up to the challenge of producing code that actually delivers a high level of intrinsic security.

But second, we have to do our part. In the short term, that means deploying a desktop firewall and an antivirus tool on every PC, and keeping all PCs up to date with existing security patches--no excuses, no griping about cost, no finger-pointing. It simply has to be done. Yes, the costs are real, but so are the payoffs: These steps, by themselves, yield acceptable levels of security even with current software products, and totally prevent problems like the Blaster worm.

In fact, I take a harsher view. I think running an unpatched, unprotected PC is a form of negligence analogous to driving a car with bad brakes or broken headlights: You're going to get yourself into trouble, and also make things worse for everyone around you. Just as drivers who share the road must also share responsibility for safety, we all now share the same global network, and thus must regard computer security as a necessary social responsibility. To me, anyone unwilling to take simple security precautions is a major, active part of the problem.

Looking further ahead, we all have to be open to change. We must be willing to abandon older software so we're not dragging along decade-old problems and inadequacies into new generations of software. And we need to vote with our dollars and reward vendors who deliver--and not just talk about--secure software.

But what's your take? Is responsibility for security shared between vendors and end users, as I suggest, or is it mainly a vendor problem? If someone said, "I can give you virtually hacker-proof software, but it will require that you toss all your current software," would you do it? Would your company? Do you prefer an incremental approach to improving security, even if that takes longer? What steps do you currently take to keep safe your own PC and the PCs you're responsible for? Join in the discussion!


To discuss this column with other readers, please visit Fred Langa's forum on the Listening Post.

To find out more about Fred Langa, please visit his page on the Listening Post.