Microsoft celebrates fifteen years of poor security

Tuesday, 19 August 2003, 3:52 PM EST

That the Blaster worm should spread as rapidly as it did was testament to one thing only, the poor security in Microsoft's software.

In the first few months of last year Microsoft spent about eight weeks in what was reportedly an intense effort to improve the security of their software. And what a joke that turned out to be, because within a just few months we were seeing security alerts about Microsoft products that had supposedly been thoroughly checked and corrected.

These statements of 2002 were not the first time that Microsoft has declared the problem solved and buffer overflow banished. Back in September 2001 Jim Allchin, a Microsoft vice president, declared that this problem had been stamped out in Windows XP. Supposedly Microsoft had made a complete code review of its operating system and removed all the buffers which could overflow.

Microsoft has had more than 15 years to get it right and it still cannot create a secure operating system. In fact in 2002 Windows had the dubious honour of accounting for 87% of all virus infections reported to the Australian office of the Sophos anti-virus group. This came on top of about 130 vulnerabilities that were reported for Windows during the year 2000, which is an average rate of more than one every three days.

[ Read more ]


Reactions to the IRS hack that impacted 100,000 people

Cybercriminals were able to successfully steal tax forms full of personal information of more than 100,000 taxpayers through IRSí Get Transcript application. This data included Social Security information, date of birth and street address.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, May 28th