The Good Life... a weblog about life, technology, and the Opera Web browser

Microsoft

Two articles on Microsoft caught my attention this past week. The first warns of an exploit in Windows 2000 running IIS5, and the second is a commentary on a speech given by Craig Mundie, Microsoft's senior vice president of advanced strategies. From reading these two articles, I am astounded by the sheer arrogance of the company. Let me explain...

The first article, as I said, tells about a security issue in the Windows 2000 version of IIS5. The interesting thing to note from this article is Microsoft's response to information that a program to attack the exploit had been produced. The article states, "[t]he creation of the exploit code for the flaw came as no surprise to Microsoft. Customers who have applied the patch don't have to worry, the company said in a statement. Customers who haven't applied the patch should take this as a reminder to do so immediately." A reminder to do so immediately?!? Maybe Microsoft should take a lesson in creating software that doesn't have such security issues!

The second article I mentioned ties wonderfully into this first article. The MS executive claims that the open-source development model leads to a strong possibility of unhealthy forking of a code base, which could result in compatibility issues across multiple versions of the same program, less interoperability and product instability. Further, Mundie argued that putting the source code of all programs out for all to see poses inherent security risks. The article continues by adding a lovely quip: "[t]hose arguments echoed the same kinds of criticisms advocates of alternative operating systems frequently voice about Microsoft's products, which they say have a range of compatibility issues, are unstable and lacking in adequate security."

The idea that open source software leads to unstable or inadequate security almost implies that this is the model used by MS, considering all the security holes discovered in MS products. However, in direct contrast, I point to the relatively small number of security holes found in open source Linux products over the same period of time. The difference is staggering. Part of the lure of open source is to iron out bugs. For instance, the popular encryption program PGP is, last time I checked, open source. This is done in order to give the world a chance to find bugs quickly so that they can be fixed. Overall, this leads to a mostly bug-free program.

To address Mundie's statement that open source products have compatibility issues across multiple versions of the same program and less interoperability, I'd like a couple of concrete examples. As for examples of this from MS, I need not think too hard. Many of their products are not backwards compatible for apparently no good reason. Interoperability problems? Need I talk about MS's proprietary implementation of Java (MS Java) and JavaScript (JScript), coupled with the lack of documentation of these implementations to aid others wishing to work with them? What about the proprietary DOM extensions added by IE? Is there an example of something they've created that is interoperable?

Needless to say, I'm a little perturbed at their arrogance. Unfortunately, people will read their statements and take them as fact without doing any investigation of their own. Such is one of MS's strategies: to misinform the uninformed. While their business practices are debatably monopolistic, their ethics are surely shot.