Vista Security: Microsoft vs. Anti-Virus Firms

The once cozy relationship between Redmond and the security firms has turned sour – due to a new attitude within Microsoft.
Posted November 17, 2006
By

Rob Enderle

Rob Enderle


(Page 1 of 2)

We’ve been hearing a lot about the complaints from the security firms with regard to Microsoft’s new Vista operating system. While on the surface it looks like Microsoft is attacking its longtime partners, this is actually the result of nearly a decade of Microsoft being attacked by them and now responding to the threat. To understand this we need to go back to the beginning.

Once Upon a Time

Back when the computer industry was young we had proprietary systems like MVS, VM, and AS400 which were relatively closed and protected by the primary vendor. IBM owned the platform top to bottom. While there were third-party security products they were generally for point solutions that filled gaps left open by IBM’s offerings.

Related Articles
Office Live Has Microsoft in Marketing Mode

Get a Life: Enterprises Eye Potential For Second Life

The Future of ERP

New Microsoft License Ties Vista To Hardware

FREE Tech Newsletters

As UNIX and Windows came up together the two platforms took different paths. Windows was targeted at the desktop and relatively non-technical users while UNIX went to workstations and servers and a vastly more capable user base which tolerated vastly more robust security. UNIX was targeted at replacing the earlier IBM systems and had to meet the same security standards, which it actually often failed to do largely because people were learning about the new platforms.

Windows however was designed to be easy to use and very easy to access. In many cases early PCs replaced calculators and typewriters where security typically meant locking them in a cabinet or desk.

Related Articles
Office Live Has Microsoft in Marketing Mode

Intel's Quad-Core Server Edge

The Future of ERP

New Microsoft License Ties Vista To Hardware

FREE Tech Newsletters

In a way it was much like building castles vs. building houses in a protected town. The castles (UNIX/Midrange/Mainframe) had to have heavy walls and moats to protect what they contained, but the houses typically didn't get that level of protection.

While there was the occasional thief (floppy-based viruses), there was no need for heavy fortifications because the networks were generally secure and often only connected to a protected large system through a terminal interface. Kind of like having a large-walled and well-fortified town.

But much like even a walled town can have an increase in petty crime, viruses started to proliferate between machines. In respone, the industries’ version of fence builders and locksmiths developed. We called them Anti-Virus companies. Looking back this was probably a mistake but, at the time Microsoft didn’t want to be bothered with Anti-Virus and was more than happy to have someone else deal with it.

Industrialization of the PC (the Internet)

Things changed and in the mid 90s folks got connected to the Internet. This was like demolishing the wall protecting the walled city and, for the first time, PCs (which were still largely used in business) were exposed to the outside world. While many started pointing out that the existing security methods were no longer adequate, neither Microsoft nor the Anti-Virus firms changed much. There were new kinds of protections being implemented like Firewalls, and much like an improved police force, people still felt relatively safe.

Up until the end of the 90s the wall builders and the house builder, the Anti-Virus firms and Microsoft, largely led a symbiotic relationship. Unfortunately, at the end of the 90s the barbarians attacked and things changed dramatically.

Attack of the Virus Barbarians

Whether it was zealots wanting to hurt Microsoft or not, the new millennium brought broad attacks that did massive damage. Easily overwhelming the anti-virus product currently in place, it was like an attack of barbarians overwhelming the fences and locks that had been built – and Windows users worldwide were hurt badly.

Now Microsoft had been, perhaps foolishly, depending on the anti-virus companies to step up to this threat. But instead these same companies seemed to turn on Microsoft and join in blaming them for the resulting problems. Worse, they seemed to revel in broadcasting just how to penetrate Windows rudimentary security.

This would be like finding your fence builder or locksmith writing about when you weren’t home and how to build lock picks. The initial response was an attempt to harden the existing Windows offering. Kind of like putting up bars on the Windows and Doors, and just like bars attached to a house of straw, the protections helped but were less than sufficient.

Our Wall Builders, now called Security Companies, built stronger walls but even they were not adequate for what was a nearly overwhelming threat. Many of the big firms still gleefully pointed to Microsoft as the problem while selling their increasingly expensive solutions as a fix. The home owners – us – were largely caught out in the open with our pants down and, strangely enough, blamed Microsoft more than we blamed the firms we were paying to secure us.

We should have blamed both.


Page 1 of 2

 
1 2
Next Page





0 Comments (click to add your comment)
Comment and Contribute

 


(Maximum characters: 1200). You have characters left.