General discussion

  • Creator
  • #2257632

    Which Microsoft Security Bulletin Should I Choose?


    by dotxen ·

    Ah, my friends, the agony of choice.

    Why do we pay so much money, spend so much time and energy on, what appears to be, badly crafted operating systems? The mere fact that I have a choice between vulnerabilities says it all.

    When we purchase a Microsoft operating system, we are also contracting ourselves to be unpaid researchers, analysts, software engineers, patch-management supervisors, general skivvies and victims to an enormous, global corporation. We are in fact, more than customers, we are employees without rights, employment protection or pay. We don’t even get holidays!

    Reading all the releases and warnings about this threat, and that vulnerability, makes me wonder if we haven’t all become punch-drunk and unable to demand properly crafted software that does the job out of the box. Much as we would demand were we to buy a game or an application. Is it sympathy that makes us participate in this endless game of tag? Or is it that we have no choice because we are so addicted to the Windows comfort-zone? (The cleverest ploy that Microsoft constructed was the version-continuity of the Windows ’95 desktop). Whichever it is means that we are slaves to our own inability to make appropriate choices, and accept that change is necessary to relieve us of the dangers and risks of using incomplete software. To deploy a Windows infrastructure is like planning a battle. It appears necessary to have to implement a whole regiment of servers to carry out tasks that were not even thought of 5 years ago. The complexity of the inter-relationships and the dependencies of each component has made all our lives far harder. The knowledge levels that we now have to have, and are increased regularly, are wide and deep. There is no OOB experience with Microsoft. Every implementation is a challenge and that challenge lives on for the lifecycle. It brings high costs in terms of training, administration, security and risk.

    I am not anti-Microsoft, honest, I make a good living from the instabilities, inconsistencies and unreliability of Microsoft operating systems, but I have to admit that I am more and more reluctant to specify Microsoft operating systems due to the inherent risks associated with them. That doesn’t mean that Windows is not popular, or that my observations are shared by significant numbers of people, but it does mean that there is an awareness and annoyance with the endless problems and failures of the expensive Windows operating systems. I hope that Microsoft people read these columns. It might encourage them to challenge their own product design and development strategies, and to try really hard to deliver a ?complete? product, insofar as that is possible, for all our sakes.

    It is true that other operating systems have to be updated and patched etc, but nowhere near to the extent and regularity that is the case with Windows. Linux is the host for virtually the entire World Wide Web and almost all Internet e-mail services. There is just not the same level of downtime, reboots and vulnerabilities with these systems. Large enterprise databases are usually hosted on Solaris and other UNIX distributions. Why? Because those of us involved in providing these types of solutions to corporate, local and central government, organisations and enterprises, know that UNIX provides a far higher level of stability, resilience and security out of the box, than any flavour of Windows. This has been proved over time to be the case. I would like Windows to be more secure and so forth. I like many of it?s assets and facets, but I want to be able to sleep a night.

    Now, I have to go and choose which security hole in my Windows servers carries the most risk. Ah, the agony of choice.

All Comments