The 12 Days of Microsoft’s Christmas

Sing along! On the 12th day of Microsoft’s Christmas, Bill Gates gave to me:

Twelve monthly patches
Eleven vulnerabilities
Ten security breaches
Nine Vista promises
Eight suits a-counterfeiting
Seven point-“uh-oh” browser
Six serendipities
Five Mobile Palms
Four acquisitions
Three flaws in IE
Two “open” formats
And a rootkit patch for Sony CDs.

Twelve monthly patches — Can you really keep your Windows PC secure? Microsoft releases a set of patches every month (dubbed “Patch Tuesday”), and each month it triggers a race between hackers, vendors and customers. And yet, after 11 major patches this year, Microsoft still found…

Eleven vulnerabilities — Microsoft found eleven vulnerabilities to patch on Dec. 13, 2005, including critical holes in Internet Explorer and in the Windows core processing kernel.

Ten security breaches — The top 10 viruses of 2005, as reported by Sophos, are all Microsoft Windows viruses.

Nine Vista promises — With the new Vista operating system that most people won’t see until sometime in 2006, Microsoft promises security improvements, some snazzy new graphics, and a new means of searching and organizing information. How will it compare to the Mac OS X? By the time Vista becomes available, Apple will have moved on from Tiger to Leopard.

Eight suits a-counterfeiting — Microsoft filed eight lawsuits in seven different states aimed at punishing resellers of counterfeit software. Counterfeit software must be a nightmare to keep patched and secure. For the benefit of everyone, perhaps Microsoft should take another look at the open source publishing model.

Seven point-“uh-oh” browser — Internet Explorer version 7.0, rumored to be far more secure than the current version, is still in beta — and still getting love-letters from the press. Unfortunately for web developers, IE 7.0 won’t support the full CSS standard. It will continue to foist proprietary technologies on developers, forcing them to choose between two competing ways of creating Web sites.

Six serendipities — From its first system (MS-DOS) through the present versions of Windows, Microsoft has built its empire on a dubious foundation of six lucky breaks. Read ’em and weep.

Five Mobile Palms — Microsoft’s determination and deep pockets are driving the company’s deep penetration into the handheld market. Palm will soon unveil a Treo powered not by the Palm OS software but by Microsoft’s Windows Mobile 5. The Palm OS faithful are not happy, particularly developers who develop in Palm C.

Four acquisitions — Look out! Microsoft has acquired some heavy companies to tackle the road ahead. Its best acquisition was not so much Groove Networks itself as it was the founder of Groove, Ray Ozzie (the inventor of Lotus Notes). Microsoft also acquired Teleo Inc., a provider of Voice over Internet Protocol (VoIP) software and services that Microsoft will incorporate into MSN in its effort to dominate this market space. Microsoft also acquired FrontBridge Technologies Inc., a provider of anti-virus, anti-spam, disaster recovery and other security services, but many partners are alarmed — they don’t trust Microsoft’s record in security and have concerns about the terms Microsoft will impose on them. Microsoft’s acquisition of Sybari Software, a provider of software that blocks spam and malicious attacks, also angered Sybari customers — before the ink was even dry, Microsoft cut all new antivirus support for Unix and Linux.

Three flaws in IE — Let’s say you are diligently keeping up with Microsoft’s patches, and also trying the new public betas — such as Internet Explorer 7.0 (see item number seven). You just hit a double-whammy with the December 2005 “Patch Tuesday” security fixes. Three problems have been reported with IE 7: The browser could crash right after starting up, links may come up blank, or multiple windows may open when the browser is initiated, according to this corporate blog posting. The problems occur only if IE 7 is installed on a machine alongside IE 6. Once again, you have to choose either the ghosts of Microsoft past or the flaws of Microsoft future.

Two “open” formats — Microsoft has sown fear, uncertainty, and doubt about “open” file formats by not supporting the emerging OpenDocument Format standard, pressuring the Massachusetts legislature and governor, and proposing its own Office 12 formats as a second “standard”. When are two standards better than one? When you are a monopoly, of course. It just isn’t in Microsoft’s interest to have a standard document format that is open and stable.

And a rootkit patch for Sony CDs. Make sure to avoid Sony music CDs this holiday season, if you use Windows. If you still want to use these CDs with Windows, be sure to download Microsoft’s latest patch that deals with Sony BMG’s counterproductive uninstaller of the ill-fated rootkit for digital rights management (DRM). The patch makes it impossible for you to run the dangerous First4Internet XCP uninstallation ActiveX control, a piece of code designed to remove the DRM software but which was found to create worse security problems than it attempted to solve. This entire mess demonstrates how vulnerable Windows is to incompetent DRM schemes, which can wreak havoc with PCs and can’t be easily removed.
