Letters

Don't blame users for Microsoft's sins: Readers respond to Farhad Manjoo's "Dumb Software for Dumb People."

Published August 29, 2003 7:30PM (EDT)

[Read the story.]

Farhad Manjoo takes the position in his article that people are stupid, that they shouldn't perhaps buy computers that they don't understand. He lays some of the blame on Microsoft, but a healthy dose on the computer's users for not understanding their devices.

I take exception to the idea that people are stupid. People are not stupid, they are busy. They have far more important things to do with their lives than learn to be a system administrator just to use a personal computer. It's only when software companies (and I work for one) learn to make computers and their related technology as easy as using a toaster or a vacuum cleaner that we will have really achieved something in the technology realm.

Do you have to have an intimate knowledge of electric motors, belt tension, voltage, amps, and so on to vacuum the dog hair off your rug? No, and you shouldn't have to.

I put the fault entirely with Microsoft. Why should a busy person with a busy life have to become intimately involved with technology that should be "background noise" to them? The vast majority of the world who don't work at software companies should be able to use computers to their advantage, without learning to install firewalls, patch their own software, and so on.

-- Kristina Ricks

Like many articles on the disastrous state of computer security in the real world, this one considers placing blame on only two parties: victims and vendors. How about considering a third party: villains?

The last I checked, breaking and entering, vandalism, and depraved indifference were crimes. Why then are the levels of law enforcement, prosecution, and punishment so pitifully low? If these crimes originate in other nations that cannot or will not make serious efforts to stop them, then the crimes are clearly also a national security matter.

It is time for our government to start dealing vigorously with these crimes by applying legislative, law enforcement, and prosecutive resources to deal with their perpetrators.

-- Peter A. Dinda

Farhad Manjoo quotes two "experts":

"There have been many serious vulnerabilities found in Linux and Macintosh as well," explains Graham Cluley, a virus expert at Sophos. Microsoft even believes that, in terms of security flaws, "we're actually running below some of the competing platforms," according to Steve Lipner, Microsoft's director of security engineering strategy.

This is possible, except for one detail, explained later in Manjoo's article: Virtually all of the vulnerabilities in Mac OS X (patched within days of their discoveries via Apple's Software Update mechanism) were in Unix services, which are disabled by default and which most users will never activate.

-- Garry Margolis

Microsoft is responsible for its flaws in the day-to-day operations of the computer industry. When a virus attacks its systems, exploiting the errors of the automatic executables of Outlook Express, buffer overruns of its main product, and numerous other flaws, and the company responds that other systems have the same level of security flaws, it is simply missing the point. Microsoft uses this as a crutch, and you, Farhad, and other tech writers excuse Microsoft for this fact. Although Mr. Cluley of Sophos states that there are serious vulnerabilities to every operating systems, Microsoft has shown significant culpability with regards to its products.

According to ciac.org there are 31 vulnerabilities specific to Windows XP; 54 in Windows 2000 server; 45 in Windows 98/95; 14 for WinME; 71 for NT since 1994; 100 for the entire server systems since 2000; 37 problems specific to IE since 1997; 15 for Outlook; and 42 general problems (MySQL, Word, etc.). Just for another comparison, Linux has 54 serious exploitable vulnerabilities going back to 1994, while ancient Unix has 86 known vulnerabilities going back to 1989 when the CIAC first begins tracking such things. And while the security through obscurity point has been referenced time and time again, please note that according to Netcraft, Apache/Linux servers account for 63 percent of Web site servers and yet none of these were affected. As for Macintosh, according to my own Norton Utility, a significant number of the vulnerabilities present are Macro viruses spread only by Microsoft Word. So, to quote Mr. Gates, "... as an industry leader we can and must do better." No kidding.

-- Paul Ingram

Although one might debate the meaning of "serious vulnerability" or "security flaw" as used respectively by Messrs Cluley and Lipner, Windows has proven to be far more vulnerable to viruses and hacker mischief than any other platform. As a Macintosh user since 1984, I can truthfully state that the last time I had to deal with a virus was in 1987, and although the Mac's new Unix-based OS is probably more vulnerable to attack than its older one, Apple has made much better decisions in its OS design than Microsoft. For example, in Windows, most Internet ports are open in a normal software installation; not so in Mac OS X or in popular flavors of Linux. Microsoft and their lapdogs should take responsibility for their sloppy thinking and design, but they never have before, so I'm not holding my breath now (or changing my platform).

-- Robert Jacob

Thanks to Farhad Manjoo for the interesting review of Windows' security problems; very well done.

All these Windows infections say a couple things very loudly. End users are craving porn (soBig.f) and love (ILOVEYOU), and Microsoft has been wholly irresponsible.

To put things in perspective, Microsoft's R&D budget is larger than Apple's entire annual revenue (and Apple seems to be able to put out software with security defaults set to "ON").

And if Gates' memos aren't P.R. stunts, please explain why we don't ever see CEOs for GE or GM or Boeing or Procter & Gamble having their companywide memos gushed in the news?

The simplest, easiest Windows firewall is to get a Mac; outside of that, don't click on any e-mail/instant-messaging attachment until you check by calling the sender or you are expecting it.

-- Kamalesh Thakker

Microsoft keeps claiming that viruses are spread by users who are too lackadaisical to install Microsoft's updates and use anti-virus software and firewalls. They also claim that other operating systems are just as vulnerable, but less tempting targets.

Wrong again, Mr. Gates. My office computer is behind a firewall, updated regularly using MS's automatic updates feature, and checked by a regularly updated anti-virus program at least twice a week. I still had to spend an hour getting rid of SoBig.F. Rob Pegoraro, one of the tech columnists at the Washington Post, spilt the beans yesterday about the way that Microsoft's vulnerability has come from deliberate decisions by the designers of Windows. Linux and Apple are more secure because they are designed to be more secure, not just because they are less frequently attacked.

Windows' dominance was never due to superior software. Whatever flaws they have in their software, Microsoft's marketing has been as brilliantly effective as it has been predatory.

-- Joan Crowley

In a report on Windows security holes, it said:

"There have been many serious vulnerabilities found in Linux and Macintosh as well," explains Graham Cluley, a virus expert at Sophos. Microsoft even believes that, in terms of security flaws, "we're actually running below some of the competing platforms," according to Steve Lipner, Microsoft's director of security engineering strategy. "

And indeed there have been, and will be, vulnerabilities in all software. However, to say that MS is doing better than other platforms is to ignore all fact and reason.

Microsoft systems come "wide open" or with all the doors unlocked and waiting. By comparison other systems do not.

For example the latest exploit uses RPC to do its damage. RPC is not needed by the overwhelming majority of home users, yet it is not only installed but turned on and allowed to accept calls from outside the system. This is a little like saying that, even though I don't have a coal furnace, I have a door for coal delivery in my home, and it is unlocked, and no simple method is provided to lock it. Furthermore it is hidden, and I am not told it is there. Is this really the fault of the user?

"If Windows seems to suffer more for its holes, that's because virus writers find it a significantly more attractive target than the other operating systems, experts say. "They want to infect the world, and the easiest way to do that is to target Windows," Cluley says."

This is just plain wrong. The majority of servers in the world are powered by Unix-type software. If a virus writer wanted to maximize the damage done by his work, he would attack the Unix boxes providing Internet services to the world. So why then do they attack Windows machines? Because they are easy targets, and like all programmers, virus writers are inherently lazy. Why work extra hard to do a little more damage, when it is easy to defeat the Swiss cheese-style security of Windows.

"And because Windows is the platform most malicious programmers devote themselves to damaging, causing havoc is a well-documented endeavor. 'With 85,000 computer viruses in existence, it's not difficult to find out how to write a new virus for Windows. There's a lot of information out there,' Cluley says."

This at least is true, but why are there so many completely new attacks so often? Because there are so many holes.

Windows is inherently insecure. Even Microsoft knows this. It is time everyone else either accepted they are using insecure software, or changed.

-- Shane Smith

I enjoyed Farhad Manjoo's article about Microsoft security flaws. I thought I would suggest another incentive for Microsoft to release flawed (from a security perspective) software -- piracy.

I would say that just about every time I have purchased a Microsoft software product, a friend has offered to let me install their copy for free. There is one reason I do not take them up on it -- security patches. I don't feel safe running Microsoft software or OS's unless I patch them every week or so. Given Gates' ability to link licenses to PCs, I wouldn't use their update sites without a valid license.

So in my case, and I imagine many others, vulnerable software is the best copy protection around.

-- John Akred

To its credit, Microsoft created the auto-update function in Windows XP Home.

The problem is that in the weeks following the discovery of the "Blaster worm," there were no auto updates made on the XP machines.

The typical default settings for any machine -- from a home unit to corporate server -- are set in such a way to make them very insecure.

These are problems that need to be ironed out and quickly. The original problem is not with users, but how software is delivered and supported.

In the automobile industry, a recall is issued when a defect is found. Given how most of the machines in the world are using the Microsoft product, we are depending on them to keep our machines up-to-date and sell us a product that is not already vulnerable out of the box.

-- Timothy Ruf

What a great article. As Fox might preach (though not necessarily practice), "fair and balanced": not a Slashdot or NewsForge ABM rant, but not a "it's not Microsoft's fault" MSNBC-esque excuse piece either.

And what a crock of shit:

Microsoft's Lipner: "We're a business, and we're driven by what the customers demand -- and that's how this company got to be as successful as we have been."

Oh, please. Microsoft only became interested in customers' demands when customers began seeing the light and looking elsewhere, if not actually cutting the Redmond chains. As for their success, well, some might argue that divide and conquer, embrace and extend, FUD -- Windows may be susceptible to viruses, but according to Microsoft, the Linux I'm using right now is a "cancer" -- strong-arming the OEMs and obtaining (and abusing) a monopoly had a lot more to do with it.

-- Walter Bazzini


By Salon Staff

MORE FROM Salon Staff


Related Topics ------------------------------------------