Charles Arthur On technology

'Windows wasn't designed with security - or, indeed, the internet - in mind. Its innards predate that use significantly'

When Bill Gates says, as he did recently at a packed conference of computer-security experts, that Windows is becoming safer all the time, he is being absolutely truthful.

This may seem surprising, as the "worm wars" between bizarrely named programs such as Netsky, MyDoom and Bagle grow ever more ferocious. But Gates is being precise. He is not talking about the version of Windows that most people have on their computers. He is talking about the version that a tiny minority are using: the one that has all the latest patches and updates applied. He has it on his machine.

A great many people don't, and they're causing everyone, including themselves and innocent users (including those on non-Microsoft operating systems), a lot of trouble. They're the ones whose machines are still infected by worms such as Blaster, SoBig, and even Klez which, despite first appearing in April 2002, is still the fifth most prevalent virus on the net. And even when Klez appeared, it was exploiting a vulnerability (in Internet Explorer 5, but not later versions) that Microsoft had already fixed - in 2001.

Those people are also the most vulnerable to "phishing" scams that exploit weaknesses in Explorer to dupe people into handing over their bank, credit card, PayPal or eBay details, and to viruses and online hacking taking over their machines.

How many people are at risk? While there is no hard data as to how many people use which version of the operating system, a good guide comes from Google's visitor statistics. They reveal that 45 per cent of visitors use Windows XP, the newest version. Of the rest, 24 per cent use Windows 98; 18 per cent, Windows 2000; 3 per cent, Windows NT; 1 per cent, Windows 95. (The rest use Linux, Macintosh and other operating systems; see www.google.com/press/zeitgeist.html.)

At least half of those Windows XP installations have never been updated to incorporate Microsoft's patches, because their owners won't know how to; and Microsoft shipped Windows XP with the functionality to download those updates switched off. It also left the firewall turned off, and didn't close the "ports" to connect to services most home users would never need. Each of these problems is a fault of decision-making within Microsoft about the threats that the machines would face in a connected world.

Few people are better aware of those threats than David Aucsmith, responsible for Microsoft's "security architecture". "There's an army of people 'assisting' us in finding vulnerabilities in Windows," he said recently. Microsoft isn't lax in working on the fixes to holes discovered in Windows; in fact, says Aucsmith, only one attack has been the result of a vulnerability of which the company wasn't already aware. (He declines to name it, but evidence suggests it was last summer's "Blaster" worm.)

"But we can watch what happens when we release a patch for a flaw," he says. "There's a hacking tool that compares the patched operating system with the unpatched one, and generates code to exploit that." The problem is compounded in two ways. "Our Achilles heel is testing our patches against all the variations of customer software out there," said Aucsmith. "If we release a patch that futzes up a bank's software, there's hell to pay. The bad guys don't face the same constraints."

He also readily acknowledges that Windows wasn't designed with security - or, indeed, the internet - in mind. The development of Windows 95 began in 1993. So although it came out just as the internet exploded into public use, its innards predate that use significantly. That's one area where rival operating systems have a definite advantage. Both Linux and Apple's Mac OS X are variants of Unix, built to handle multiple, potentially conflicting, users on a network. They presume that people may try to do bad things to the machine, and aim to forestall them; security is an axiom, rather than an add-on.

Microsoft is readying itself for the attacks that will be aimed at its next-generation operating system, Longhorn, due in the second half of the decade. But what if nobody gets the updates, or upgrades to the new version? Microsoft is, I understand, considering a trade-in system for users of older versions of Windows. But what about those using machines that can't run XP because they're too old? That, along with the question of whether Microsoft, or someone else, should foot the bill, means the idea is stuck inside the company for now.

Microsoft has produced a free "Windows Security CD" with updates to Windows (for all flavours from 98 onwards) valid until last October. Unfortunately, you have to order the CD online; and you need to set up a Microsoft .NET Passport account to do so. Microsoft's next "service pack" for Windows XP, due very soon, will turn the firewall on and the unused ports and services off. Future versions might even download the updates automatically.

It's a start, but unfortunately we aren't at the beginning of the problem. Next time you receive a phishing e-mail, or a virus, consider this: some people out there will believe them, and their machines won't protect them against them, even though - as Gates said - Windows is getting safer.

Microsoft Security Update CD: (www.microsoft.com/uk/security/protect/update.mspx)
