Microsoft just announced its security bulletins for March, and there was a critical Outlook vulnerability, a problem with MSN Messenger, and trouble with Microsoft Windows Media Services in Windows 2000. Nothing truly earth-shaking.
The very ordinariness of the announcement shows that Microsoft has gotten its once-chaotic responses to security issues under control. In fact, despite criticisms lobbed at the company by many, it really has gotten religion when it comes to security. Is it perfect? No. At times, it releases ill-tested patches and updates. I, for one, have gotten into the habit of waiting a week after it releases any patch or security update, to see whether widespread problems with it are reported.
But the regularity of its monthly security announcements like this one, and its quick response to security dangers, show that Microsoft means business when it comes to security.
It’s easy to criticize Microsoft in this; after all, almost all of the worms and viruses set loose affect Microsoft products. But that’s not because Windows is inherently more insecure than other operating systems. Willie Sutton, the well-known bank robber, was said to have once been asked why he robbed banks. His alleged answer: “Because that’s where the money is.” The same thing holds true for why worm-writers and malware authors target Windows - that’s where the users are. When it comes to security, Microsoft has been the victim of its own success.
So I’ll be downloading the latest security patches in about a week. It’ll be a mundane act, but one that reflects that despite complaints to the contrary, Microsoft has gotten serious about security.
Do you think Microsoft has gotten serious about security? Let me know either way.