Experts: Microsoft security gets an 'F'
SAN FRANCISCO, California (Reuters) -- Computer security experts say the
recent "SQL Slammer" worm, the worst in more than a year, is evidence that
Microsoft's year-old security push is not working. Microsoft placed responsibility
on computer users who failed to install a patch that had been available since a
least last June. But the philosophy of patching is fundamentally flawed and
leaves people vulnerable. For example, Microsoft didn't follow its own advice as
executives confirmed that an internal network was hit by the worm. "Microsoft
was completely hosed (from Slammer). It took them two days to get out from
under it," said Bruce Schneier, chief technology officer of Counterpane Internet
Security, a network monitoring service provider. "It's as hypocritical as you can
get."
In October Microsoft released a fix for a different SQL Server problem
that if installed in the expected manner would have made patched systems
vulnerable again, he said. "If I followed their advice I'd have been vulnerable."
In the meantime, Schneier said he was thinking of switching from Windows to
the Macintosh platform because of all the security issues. A Consumer Reports
survey last year found that virus infection rates on Macs are half what they are
on Windows. "Is that because Macs are safer? I think the answer is yeah." Full story