Charles Arthur On technology

'Windows wasn't designed with security - or, indeed, the internet - in mind. Its innards predate that use significantly'

When Bill Gates says, as he did recently at a packed conference of computer-security experts, that Windows is becoming safer all the time, he is being absolutely truthful.

This may seem surprising, as the "worm wars" between bizarrely named programs such as Netsky, MyDoom and Bagle grow ever more ferocious. But Gates is being precise. He is not talking about the version of Windows that most people have on their computers. He is talking about the version that a tiny minority are using: the one that has all the latest patches and updates applied. He has it on his machine.

A great many people don't, and they're causing everyone, including themselves and innocent users (including those on non-Microsoft operating systems), a lot of trouble. They're the ones whose machines are still infected by worms such as Blaster, SoBig, and even Klez which, despite first appearing in April 2002, is still the fifth most prevalent virus on the net. And even when Klez appeared, it was exploiting a vulnerability (in Internet Explorer 5, but not later versions) that Microsoft had already fixed - in 2001.

Those people are also the most vulnerable to "phishing" scams that exploit weaknesses in Explorer to dupe people into handing over their bank, credit card, PayPal or eBay details, and to viruses and online hacking taking over their machines.

How many people are at risk? While there is no hard data as to how many people use which version of the operating system, a good guide comes from Google's visitor statistics. They reveal that 45 per cent of visitors use Windows XP, the newest version. Of the rest, 24 per cent use Windows 98; 18 per cent, Windows 2000; 3 per cent, Windows NT; 1 per cent, Windows 95. (The rest use Linux, Macintosh and other operating systems; see www.google.com/press/zeitgeist.html).

At least half of those Windows XP installations have never been updated to incorporate Microsoft's patches, because their owners won't know how to; and Microsoft shipped Windows XP with the functionality to download those updates switched off. It also left the firewall turned off, and didn't close the "ports" to connect to services most home users would never need. Each of these problems is a fault of decision-making within Microsoft about the threats that the machines would face in a connected world.

Few people are better aware of those threats than David Aucsmith, responsible for Microsoft's "security architecture". "There's an army of people 'assisting' us in finding vulnerabilities in Windows," he said recently. Microsoft isn't lax in working on the fixes to holes discovered in Windows; in fact, says Aucsmith, only one attack has been the result of a vulnerability of which the company wasn't already aware. (He declines to name it, but evidence suggests it was last summer's "Blaster" worm.)

"But we can watch what happens when we release a patch for a flaw," he says. "There's a hacking tool that compares the patched operating system with the unpatched one, and generates code to exploit that." The problem is compounded in two ways. "Our Achilles heel is testing our patches against all the variations of customer software out there," said Aucsmith. "If we release a patch that futzes up a bank's software, there's hell to pay. The bad guys don't face the same constraints."

He also readily acknowledges that Windows wasn't designed with security - or, indeed, the internet - in mind. The development of Windows 95 began in 1993. So although it came out just as the internet exploded into public use, its innards predate that use significantly. That's one area where rival operating systems have a definite advantage. Both Linux and Apple's Mac OS X are variants of Unix, built to handle multiple, potentially conflicting, users on a network. They presume that people may try to do bad things to the machine, and aim to forestall them; security is an axiom, rather than an add-on.

Microsoft is readying itself for the attacks that will be aimed at its next-generation operating system, Longhorn, due in the second half of the decade. But what if nobody gets the updates, or upgrades to the new version? Microsoft is, I understand, considering a trade-in system for users of older versions of Windows. But what about those using machines that can't run XP because they're too old? That, along with the question of whether Microsoft, or someone else, should foot the bill, means the idea is stuck inside the company for now.

Microsoft has produced a free "Windows Security CD" with updates to Windows (for all flavours from 98 onwards) valid until last October. Unfortunately, you have to order the CD online; and you need to set up a Microsoft .NET Passport account to do so. Microsoft's next "service pack" for Windows XP, due very soon, will turn the firewall on and the unused ports and services off. Future versions might even download the updates automatically.

It's a start, but unfortunately we aren't at the beginning of the problem. Next time you receive a phishing e-mail, or a virus, consider this: some people out there will believe them, and their machines won't protect them against them, even though - as Gates said - Windows is getting safer.

Microsoft Security Update CD: (www.microsoft.com/uk/security/protect/update.mspx)
