Microsoft released Microsoft Personal Security Advisor (MPSA), a web-based tool that scans PCs for security holes, available patches, and insecure system settings, and reports problems and solutions to the user. Surprise! Experienced users who thought they were vigilant about security — installing patches, checking security alerts, and using anti-virus software — found themselves blown away by the results:
“Oh my god, I can’t believe all these holes,” said Terry Montono, a high school computer lab teacher. “I lecture my kids about keeping up with patches and I thought I was doing a good job of keeping my computer clean. But it’s like there’s a secret basement in Windows 2000 that’s filled with huge cracks that will let people enter my computer.”
I see this as a gargantuan chink in the .Net armor; how in the world will you make people entrust all their personal information to Microsoft, while revealing (by hook or by crook) the swiss-cheese security that plagues their web server, OS and web browser? Invasions of the Sircam and Code Red internet worms within Microsoft itself have proved MS to be unable to secure their own corporate servers, even after releasing patches that “fix” the exploits crackers use against them.
Yet again, a reason to use an Open Source OS.