  technofile
Al Fasoldt's reviews and commentaries, continuously available online since 1983

The shocking truth about 'security' in Windows


Nov. 5, 2000

By Al Fasoldt
Copyright ©2000, Al Fasoldt
Copyright ©2000, The Syracuse Newspapers

   The untold story of the Microsoft break-in is something Microsoft doesn't want you to hear.
   Microsoft would like everyone to think that it was hit in October by some sort of industrial espionage. It is portraying the break-in at its most private network as an act of clever hacking. These hackers -- or "crackers," as they are more accurately called -- can do anything they want if you are not on your guard all the time. According to Microsoft's Revised Standard Version of history, someone at Microsoft goofed and the hackers got in.
   It would make great TV. Tears would glisten all over America.
   But we don't have to weep for buffoons. The sad truth about the Microsoft break-in is a tale as old as Aesop. Microsoft's top management told the same old story so often they ended up believing it. They ended up making all the rest of us believe it, too.
   This tale allowed Microsoft to create a computer operating system that has no built-in security. Don't misunderstand what I am saying as some sort of exaggeration. Microsoft designed Windows with no security at all. Nada. Zilch.
   You have to do special things, you need to run special programs, to add even minimal security to Windows, and they don't always work.
   Or perhaps we should say these special security measures don't work, period. We know that now. So do Microsoft and the FBI. They're still trying to find out who broke in.
   Microsoft surely used all the added attractions it could muster to protect its own private network, the place where the source code for Windows is kept, and it couldn't do it. So the chances you and I can protect our own Windows PCs are between zero and none.
   That's the first thing. The second thing is that tired old story. You remember what you learned as a kid? If you say something often enough, everybody will believe it, whether it's true or not. Folks like you and me accepted this story. The people who run big companies swallowed it.
   Here's how it goes. I'll paraphrase it:
   "Computer users are the problem. They're the ones who open attachments when they shouldn't. They're the ones who let viruses in. Computers and computer networks will never be safe until computer users learn the rules of safe computing."
   Who could argue with that?
   Wait a minute. We can argue with that all day long. Especially now. We're not going to be fooled any longer. If your car is badly designed, don't blame your 16-year-old when the car runs off the road. Things that are designed wrong are the problem. How could we have missed this for so long?
   You've heard of Fort Knox, right? It's where the government stores a lot of gold. You can take a tour of Fort Knox just by showing up at the door.
   Suppose the Marines who guard all those gold bars decided it was too much trouble to lock the doors on the vaults where all the gold is stored? Suppose they said it was up to the people visiting Fort Knox to behave themselves? Everyone would have access to the vaults, everybody would be able to handle the gold and everyone would be asked to behave. Nobody would be searched.
   You know what would happen. We'd be missing a lot of gold. Bad things happen for reasons. Blaming everyone else because one person or one company designs a shoddy product is crazy. We need to start calling it the way we see it, not the way Microsoft sees it.
   Something else matters. It's a technical thing, so I'll make it simple. It has to do with passwords.
   Microsoft intentionally designed Windows so it could be used by anyone at any time. Unfortunately, the fact that Windows sometimes seems to be protected by a password confuses even the most knowledgeable people. Technical experts at companies and universities often assume that passwords keep unauthorized users from getting into Windows PCs.
   Moms and dads probably think their Windows passwords will keep junior from using the family computer while they're at work. But that's just a fallacy.
   Ready for a shock? Windows doesn't care what you type when it tells you to type a name and password. Type any name and any password at all and Windows lets you use the PC. You'll be able to view and change ALL of the files on that Windows PC just by typing anything you want when the password prompt comes up.
   Some security, huh? This is the way Microsoft designed Windows.
   There's more, but you get the point. Windows wasn't designed to be safe and it wasn't designed to be secure. The problem isn't viruses. It's Windows.
   If we let Microsoft blame us for the failings of Windows, we're falling for a tall tale. If we let our network administrators blame us for the viruses that plague Windows, we're turning off our brains.
   The bad guys who create viruses don't bother making Macintosh viruses or Linux viruses. Macs and Linux PCs are safe. Macs and Linux PCs don't invite disaster.
   The bad guys make Windows viruses. They know what works.
   And that's the sad part. The people who make viruses know something most of us don't know. It's time we evened the score.