Fred Langa’s column in Information Week today is called “Enough Already: Microsoft Must Change” and does a great job of explaining the recurring Microsoft security problems.
But he doesn’t stop there.
Langa focuses on an important theme – why do buffer overflow flaws continue to show up in Microsoft software when they’ve clearly been a major source of problems for years?
Langa doesn’t leave the problem entirely at Microsoft’s doorstep. Security issues are amplified by the huge number of people running old, unpatched software without even rudimentary firewall protection.
Langa argues, I believe correctly, that getting us out of the current security quagmire is a two-step process. First, software vendors have to step up and do a better job than they have been doing. Second, we users must take a far more active and attentive approach to security issues.
We are part of a network, and being part of a network brings both benefits and responsibilities.
Langa ends with some tough, but spot-on, comments that we all need to think about:
“I think running an unpatched, unprotected PC is a form of negligence analogous to driving a car with bad brakes or broken headlights: You’re going to get yourself into trouble, and also make things worse for everyone around you. Just as drivers who share the road must also share responsibility for safety, we all now share the same global network, and thus must regard computer security as a necessary social responsibility. To me, anyone unwilling to take simple security precautions is a major, active part of the problem.”