Microsoft Security Not So Bad?
Well, this isn't the type of thing I would normally write about, and I'm not trying to become a Microsoft fanboy, but I recently read something that does tie in pretty well to that post I made earlier this month about Macs vs PCs. A lot of the anti-Microsoft comments I've read are about security. People point out how many viruses, worms, trojans, and other security threats are aimed at Microsoft products, mostly Windows and Internet Explorer. True enough, that's the case, but I'd always wondered if the main reason for that wasn't inferior security in MS products, but rather just because they're the biggest target. I mean, at one point, IE controlled something like 95% of the browser market, and I'm sure Windows has a similar advantage in the OS market. If you're a hacker writing a program to, say, try to steal bank account information, what programs are you going to focus your efforts on looking for security loopholes? If it takes a similar amount of time to find loopholes and write a program to exploit them, why waste time on programs that are going to give you far less results? I think another contributing factor may be that people that use alternate OSs/browsers tend to be composed more of computer nerds, who are going to be using better practices, anyway.
Well, I recently came across an article that may confirm this idea, Report Says Windows Gets The Fastest Repairs. Here are the opening paragraphs from that article (with links removed - go to the original article if you want the links):
Microsoft is frequently dinged for having insecure products, with security holes and vulnerabilities. But Symantec (Quote), no friend of Microsoft, said in its latest research report that when it comes to widely-used operating systems, Microsoft is doing better overall than its leading commercial competitors.The information was a part of Symantec's 11th Internet Security Threat Report. The report, released this week, covered a huge range of security and vulnerability issues over the last six months of 2006, including operating systems.
The report found that Microsoft (Quote) Windows had the fewest number of patches and the shortest average patch development time of the five operating systems it monitored in the last six months of 2006.
and then the closing paragraphs:
Analyst Charles King with Pund-IT said Microsoft has had to be aggressive about dealing with security issues because it's such a big target. In that regard, the company has met the challenge."I think in a way that a culture of having been under attack for a decade or more has led to the company taking a very proactive approach to fixing those problems," he told internetnews.com. "In the last 24 months, they've taken a very aggressive stance toward the security of their system. In review after review of Vista, despite its faults, the security of the system has been considerably better than XP."
By contrast, King said there have been complaints in the past about Apple's lack of response to security issues. But as the Mac and Linux gain marketshare, they will have to respond much quicker.
"Are the old models of response to security issues going to be able to fly or will those companies start to take some serious publicity hits from these increasing vulnerabilities and a relatively lackadaisical response to fixing those vulnerabilities?" he asked.
Anyway, I found it interesting. One thing it does mention is that even though MS had less updates overall, more of them were high priority or severe. So, that may indicate that MS actually is worse at security than other companies, but I still think the reputation they've gotten has been overblown, and that lots of people ignore what a big target they are.
