Business Security Decreasing
Microsoft has spent about 100 Million dollars on its "Trustworthy
Computing" initiative since its inception in January 2002. Amidst a
chorus of fanfare, Bill Gates announced that Microsoft's substantial
resources would be completely focused on security for the next year.
They stopped all development on new products, started reviewing
existing products, delayed introduction of products, and redesigned
their development procedures to help emphasize security. But results
Comparing Windows 2000 to Windows 2003 does show some improvement.
Both operating systems are designed for business use, and both require
high levels of security. During the first six months after their
respective introductions, Windows 2000 had 21 critical security
advisories and the highly tested and redesigned Windows 2003 had only
6 critical issues. Certainly an improvement worthy of note for
The majority of Microsoft's products, however, have not had the same
attention paid to their security detail. Microsoft Windows XP family
of products is still riddled with security problems, although Service
Pack 2 is expected to close many holes, and will tighten security by
default. Most PCs run even older, security deficient software.
Business Security Breaches Double
With all the news of Microsoft's increased attention to security
issues comes an alarming warning from the UK. PricewaterhouseCoopers
conducts a bi-annual survey of computer security breaches on behalf of
the Department of Trade and Industry, and the results of this year's
survey shows business security going the wrong way.
A full forty-four per cent of UK businesses have suffered at least
one malicious security breach in the past year -- almost double the
problem of two years ago.
Until business security personnel are proficient at implementing
security, Microsoft has finally got its Trustworthy Computing together
and the end-users understand how to keep data safe we will have to be
vigilant. Come to think of it, perhaps eternal vigilance is in order.