Microsoft warns of more sleepless nights ahead

PUBLISHER’S NOTE: Please note that, as of 9/29/03, all of your valued Network World Fusion newsletters will be delivered to you from nwfnews.com. If you use filters to manage your newsletters based on domain name, please adjust accordingly.

We’ve all heard the story about Bill Gates talking at Comdex a few years ago about the progress that the computer industry has made in the past two decades. Comparing the computer industry with the automobile industry, Gates said, “If GM had kept up with the technology like the computer industry has, we would all be driving $25 cars that get 1,000 miles to the gallon.” 

And the story goes that GM came back with a good-humored response claiming that if it built cars like Microsoft develops technology, we’d all drive cars that crash twice a day for no good reason, that force you to reinstall the engine from time to time, and that had airbags that would ask “Are you sure?” before deploying.

We can all crack a smile over that story, but what if you were to receive a letter such as the following from a major automobile manufacturer?

Dear Driver,

We are contacting you today to make you aware that we have discovered three critical vulnerabilities in the engine of your car.  While there have not yet been any accidents proven to be related to these vulnerabilities, there is the possibility that your car could crash if the conditions are right.  We strongly encourage you to visit your dealership immediately to have your engine checked for problems.  What’s more, we recommend that you have a mechanic inspect your car daily to verify that your engine is safe for use.  In fact, you should subscribe to a “mobile mechanic” service that would automatically send a mechanic to your home to check your engine before you start your car each day.

You should also protect your friends and neighbors by requiring them to take these steps to inspect and protect their cars each and every day.  To make this easier, we have set up a new Web site to assist drivers: roadhog.com/youarescrewed.

We encourage you to get your engine fixed right away.  We thank you for your patience, and we want to work with you to protect you and your car from these kinds of safety problems.

Thank you,

Big Automotive Corporation

The letter is absurd, of course, but if it were real, there would be some massive lawsuits in store for any car manufacturer that took such a cavalier attitude.  Consumer watchdog groups would be all over the cause, as would be the National Transportation Safety Board.  Drivers would be ditching their unsafe cars on the side of the road and looking for a more reliable model.  The manufacturer would tailspin into bankruptcy.

The fact is, this letter is modeled after one I received directly from Microsoft on Sept. 10.  You probably received one too, as it was sent to “Dear IT Professional.”  The letter caused alarm by saying there are newly identified vulnerabilities in the Windows operating system, and that they could allow an attacker to gain control of my systems.  Given that my business lives or dies based on the reliability and availability of our computer systems, this is a pretty serious situation.

My company is a very small one, albeit a technically savvy one.  Acting upon Microsoft’s recommendations is a nuisance for us, but we understand what to do.  What about all the small businesses that don’t know about computer technology, and don’t want to know about computer technology?  Should the local florist have to know how to set up a firewall?  Should your drycleaner have to screen for viruses every day?  These people want to run a business, not an IT shop.

I wouldn’t be surprised at all to see more companies, big and small, move to non-Microsoft operating systems.  That’s not to say that Unix, Linux, or even Mac OS X are any less vulnerable or more secure than Windows.  It’s just that, right now, Microsoft seems to have this giant target on its head.  As long as this is the case, companies can’t afford to risk their businesses on the next exploitation of a hole in Windows.

By the way, if you didn’t get the “Dear IT Professional” letter from Microsoft, be sure to visit this Web site to find out what you need to do to protect your Windows-based computers:  https://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-039.asp 

And when you pick up your dry cleaning on the way home tonight, ask the store manager if he installed the patches on his computer yet.

Linda Musthaler is vice president of Currid & Company.  You can write to her at mailto:Linda.Musthaler@currid.com