Charles Arthur On technology

'Windows wasn't designed with security - or, indeed, the internet - in mind. Its innards predate that use significantly'

When Bill Gates says, as he did recently at a packed conference of computer-security experts, that Windows is becoming safer all the time, he is being absolutely truthful.

This may seem surprising, as the "worm wars" between bizarrely named programs such as Netsky, MyDoom and Bagle grow ever more ferocious. But Gates (below) is being precise. He is not talking about the version of Windows that most people have on their computers. He is talking about the version that a tiny minority are using: the one that has all the latest patches and updates applied. He has it on his machine.

A great many people don't, and they're causing everyone, including themselves and innocent users (including those on non-Microsoft operating systems) a lot of trouble. They're the ones whose machines are still infected by worms such as Blaster, SoBig, and even Klez which, despite first appearing in April 2002, is still the fifth most prevalent virus on the net. And even when Klez appeared, it was exploiting a vulnerability (in Internet Explorer 5, but not later versions) that Microsoft had already fixed - in 2001.

Those people are also the most vulnerable to "phishing" scams that exploit weaknesses in Explorer to dupe people into handing over their bank, credit card, Paypal or eBay details, and to viruses and online hacking taking over their machines.

How many people are at risk? While there is no hard data as to how many people use which version of the operating system, a good guide comes from Google's visitor statistics. They reveal that 45 per cent of visitors use WindowsXP, the newest version. Of the rest, 24 per cent use Windows98; 18 per cent, Windows 2000; 3 per cent, Windows NT; 1 per cent, Windows95. (The rest use Linux, Macintosh and other operating systems; see www.google.com/press/zeitgeist.html).

At least half of those WindowsXP installations have never been updated to incorporate Microsoft's patches, because their owners won't know how to; and Microsoft shipped WindowsXP with the functionality to download those updates switched off. It also left the firewall turned off, and didn't close the "ports" to connect to services most home users would never need. Each of these problems is a fault of decision-making within Microsoft about the threats that the machines would face in a connected world.

Few people are better aware of those threats than David Aucsmith, responsible for Microsoft's "security architecture". "There's an army of people 'assisting' us in finding vulnerabilities in Windows," he said recently. Microsoft isn't lax in working on the fixes to holes discovered in Windows; in fact, says Aucsmith, only one attack has been the result of a vulnerability of which the company wasn't already aware. (He declines to name it, but evidence suggests it was last summer's "Blaster" worm.)

"But we can watch what happens when we release a patch for a flaw," he says. "There's a hacking tool that compares the patched operating system with the unpatched one, and generates code to exploit that." The problem is compounded in two ways. "Our Achilles heel is testing our patches against all the variations of customer software out there," said Aucsmith. "If we release a patch that futzes up a bank's software, there's hell to pay. The bad guys don't face the same constraints."

He also readily acknowledges that Windows wasn't designed with security - or, indeed, the internet - in mind. The development of Windows95 began in 1993. So although it came out just as the internet exploded into public use, its innards predate that use significantly. That's one area where rival operating systems have a definite advantage. Both Linux and Apple's Mac OSX are variants of Unix, built to handle multiple, potentially conflicting, users on a network. They presume that people may try to do bad things to the machine, and aim to forestall them; security is an axiom, rather than an add-on.

Microsoft is readying itself for the attacks that will be aimed at its next-generation operating system, Longhorn, due in the second half of the decade. But what if nobody gets the updates, or upgrades to the new version? Microsoft is, I understand, considering a trade-in system for users of older versions of Windows. But what about those using machines that can't run XP because they're too old? That, along with the question of whether Microsoft, or someone else, should foot the bill, means the idea is stuck inside the company for now.

Microsoft has produced a free "Windows Security CD" with updates to Windows (for all flavours from 98 onwards) valid until last October. Unfortunately, you have to order the CD online; and you need to set up a Microsoft .NET Passport account to do so. Microsoft's next "service pack" for Windows XP, due very soon, will turn the firewall on and the unused ports and services off. Future versions might even download the updates automatically.

It's a start, but unfortunately we aren't at the beginning of the problem. Next time you receive a phishing e-mail, or a virus, consider this: some people out there will believe them, and their machines won't protect them against them, even though - as Gates said - Windows is getting safer.

Microsoft Security Update CD: (www.microsoft.com/uk/security/protect/update.mspx)

Start your day with The Independent, sign up for daily news emails
Voices
There will be a chance to bid for a rare example of the SAS Diary, collated by a former member of the regiment in the aftermath of World War II but only published – in a limited run of just 5,000 – in 2011
charity appealTime is running out to secure your favourite lot as our auction closes at 2pm tomorrow
Arts and Entertainment
Mark Wright and Bianca Miller in the final of The Apprentice
tvMark Wright and Bianca Miller fight for Lord Sugar's investment
Arts and Entertainment
X Factor winner Ben Haenow has scored his first Christmas number one
music
Arts and Entertainment
James May, Jeremy Clarkson and Richard Hammond in the Top Gear Patagonia Special
tv
PROMOTED VIDEO
News
File: James Woods attends the 52nd New York Film Festival at Walter Reade Theater on September 27, 2014
peopleActor was tweeting in wake of NYPD police shooting
News
Claudia Winkleman and co-host Tess Daly at the Strictly Come Dancing final
people
News
i100
Extras
indybest
News
peopleLiam Williams posted photo of himself dressed as Wilfried Bony
Sport
Martin Skrtel heads in the dramatic equaliser
SPORTLiverpool vs Arsenal match report: Bandaged Martin Skrtel heads home in the 97th-minute
ebooks
ebooksA year of political gossip, levity and intrigue from the sharpest pen in Westminster
Arts and Entertainment
The Apprentice finalists Mark Wright and Bianca Miller
tvBut who should win The Apprentice?
News
The monkey made several attempts to revive his friend before he regained consciousness
video
Extras
indybest
News
Elton John and David Furnish will marry on 21 December 2014
peopleSinger posts pictures of nuptials throughout the day
Life and Style
A still from the 1939 film version of Margaret Mitchell's 'Gone with the Wind'
life
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

iJobs Job Widget
iJobs Money & Business

Carlton Senior Appointments: Private Banking Manager - Intl Bank - Los Angeles

$200 - $350 per annum: Carlton Senior Appointments: Managing Producer – Office...

Carlton Senior Appointments: San Fran - Investment Advisor – Ind Advisory Firm

$125 - $225 per annum: Carlton Senior Appointments: San Fran - Investment Advi...

Sheridan Maine: Commercial Finance Manager

Up to £70,000 per annum + benefits: Sheridan Maine: Are you a qualified accoun...

Sheridan Maine: Regulatory Reporting Accountant

Up to £65,000 per annum + benefits: Sheridan Maine: Are you a qualified accoun...

Day In a Page

The week Hollywood got scared and had to grow up a bit

The week Hollywood got scared and had to grow up a bit

Sony suffered a chorus of disapproval after it withdrew 'The Interview', but it's not too late for it to take a stand, says Joan Smith
From Widow Twankey to Mother Goose, how do the men who play panto dames get themselves ready for the performance of a lifetime?

Panto dames: before and after

From Widow Twankey to Mother Goose, how do the men who play panto dames get themselves ready for the performance of a lifetime?
Thirties murder mystery novel is surprise runaway Christmas hit

Thirties murder mystery novel is surprise runaway Christmas hit

Booksellers say readers are turning away from dark modern thrillers and back to the golden age of crime writing
Anne-Marie Huby: 'Charities deserve the best,' says founder of JustGiving

Anne-Marie Huby: 'Charities deserve the best'

Ten million of us have used the JustGiving website to donate to good causes. Its co-founder says that being dynamic is as important as being kind
The botanist who hunts for giant trees at Kew Gardens

The man who hunts giants

A Kew Gardens botanist has found 25 new large tree species - and he's sure there are more out there
The 12 ways of Christmas: Spare a thought for those who will be working to keep others safe during the festive season

The 12 ways of Christmas

We speak to a dozen people who will be working to keep others safe, happy and healthy over the holidays
Birdwatching men have a lot in common with their feathered friends, new study shows

The male exhibits strange behaviour

A new study shows that birdwatching men have a lot in common with their feathered friends...
Diaries of Evelyn Waugh, Virginia Woolf and Noël Coward reveal how they coped with the December blues

Famous diaries: Christmas week in history

Noël Coward parties into the night, Alan Clark bemoans the cost of servants, Evelyn Waugh ponders his drinking…
From noble to narky, the fall of the open letter

From noble to narky, the fall of the open letter

The great tradition of St Paul and Zola reached its nadir with a hungry worker's rant to Russell Brand, says DJ Taylor
A Christmas ghost story by Alison Moore: A prodigal daughter has a breakthrough

A Christmas ghost story by Alison Moore

The story was published earlier this month in 'Poor Souls' Light: Seven Curious Tales'
Marian Keyes: The author on her pre-approved Christmas, true love's parking implications and living in the moment

Marian Keyes

The author on her pre-approved Christmas, true love's parking implications and living in the moment
Bill Granger recipes: Our chef creates an Italian-inspired fish feast for Christmas Eve

Bill Granger's Christmas Eve fish feast

Bill's Italian friends introduced him to the Roman Catholic custom of a lavish fish supper on Christmas Eve. Here, he gives the tradition his own spin…
Liverpool vs Arsenal: Brendan Rodgers is fighting for his reputation

Rodgers fights for his reputation

Liverpool manager tries to stay on his feet despite waves of criticism
Amir Khan: 'The Taliban can threaten me but I must speak out... innocent kids, killed over nothing. It’s sick in the mind'

Amir Khan attacks the Taliban

'They can threaten me but I must speak out... innocent kids, killed over nothing. It’s sick in the mind'
Michael Calvin: Sepp Blatter is my man of the year in sport. Bring on 2015, quick

Michael Calvin's Last Word

Sepp Blatter is my man of the year in sport. Bring on 2015, quick