Charles Arthur On technology

'Windows wasn't designed with security - or, indeed, the internet - in mind. Its innards predate that use significantly'

When Bill Gates says, as he did recently at a packed conference of computer-security experts, that Windows is becoming safer all the time, he is being absolutely truthful.

This may seem surprising, as the "worm wars" between bizarrely named programs such as Netsky, MyDoom and Bagle grow ever more ferocious. But Gates is being precise. He is not talking about the version of Windows that most people have on their computers. He is talking about the version that a tiny minority are using: the one that has all the latest patches and updates applied. He has it on his machine.

A great many people don't, and they're causing everyone, including themselves and innocent users (including those on non-Microsoft operating systems), a lot of trouble. They're the ones whose machines are still infected by worms such as Blaster, SoBig, and even Klez which, despite first appearing in April 2002, is still the fifth most prevalent virus on the net. And even when Klez appeared, it was exploiting a vulnerability (in Internet Explorer 5, but not later versions) that Microsoft had already fixed - in 2001.

Those people are also the most vulnerable to "phishing" scams that exploit weaknesses in Explorer to dupe people into handing over their bank, credit card, PayPal or eBay details, and to viruses and online hacking taking over their machines.

How many people are at risk? While there is no hard data as to how many people use which version of the operating system, a good guide comes from Google's visitor statistics. They reveal that 45 per cent of visitors use Windows XP, the newest version. Of the rest, 24 per cent use Windows 98; 18 per cent, Windows 2000; 3 per cent, Windows NT; 1 per cent, Windows 95. (The rest use Linux, Macintosh and other operating systems; see www.google.com/press/zeitgeist.html.)

At least half of those Windows XP installations have never been updated to incorporate Microsoft's patches, because their owners won't know how to; and Microsoft shipped Windows XP with the functionality to download those updates switched off. It also left the firewall turned off, and didn't close the "ports" to connect to services most home users would never need. Each of these problems is a fault of decision-making within Microsoft about the threats that the machines would face in a connected world.

Few people are better aware of those threats than David Aucsmith, responsible for Microsoft's "security architecture". "There's an army of people 'assisting' us in finding vulnerabilities in Windows," he said recently. Microsoft isn't lax in working on the fixes to holes discovered in Windows; in fact, says Aucsmith, only one attack has been the result of a vulnerability of which the company wasn't already aware. (He declines to name it, but evidence suggests it was last summer's "Blaster" worm.)

"But we can watch what happens when we release a patch for a flaw," he says. "There's a hacking tool that compares the patched operating system with the unpatched one, and generates code to exploit that." The problem is compounded in two ways. "Our Achilles heel is testing our patches against all the variations of customer software out there," said Aucsmith. "If we release a patch that futzes up a bank's software, there's hell to pay. The bad guys don't face the same constraints."

He also readily acknowledges that Windows wasn't designed with security - or, indeed, the internet - in mind. The development of Windows 95 began in 1993. So although it came out just as the internet exploded into public use, its innards predate that use significantly. That's one area where rival operating systems have a definite advantage. Both Linux and Apple's Mac OS X are variants of Unix, built to handle multiple, potentially conflicting, users on a network. They presume that people may try to do bad things to the machine, and aim to forestall them; security is an axiom, rather than an add-on.

Microsoft is readying itself for the attacks that will be aimed at its next-generation operating system, Longhorn, due in the second half of the decade. But what if nobody gets the updates, or upgrades to the new version? Microsoft is, I understand, considering a trade-in system for users of older versions of Windows. But what about those using machines that can't run XP because they're too old? That, along with the question of whether Microsoft, or someone else, should foot the bill, means the idea is stuck inside the company for now.

Microsoft has produced a free "Windows Security CD" with updates to Windows (for all flavours from 98 onwards) valid until last October. Unfortunately, you have to order the CD online; and you need to set up a Microsoft .NET Passport account to do so. Microsoft's next "service pack" for Windows XP, due very soon, will turn the firewall on and the unused ports and services off. Future versions might even download the updates automatically.

It's a start, but unfortunately we aren't at the beginning of the problem. Next time you receive a phishing e-mail, or a virus, consider this: some people out there will believe them, and their machines won't protect them against them, even though - as Gates said - Windows is getting safer.

Microsoft Security Update CD: (www.microsoft.com/uk/security/protect/update.mspx)
