Microsoft security gets an ‘F’

Microsoft security gets an ‘F’ while one Windows user considers making the switch to the Mac platform, according to a Reuters article.

The story says that, in the opinion of computer security experts, the recent “SQL Slammer” worm, “the worst in more than a year, is evidence that Microsoft’s year-old security push [Trustworthy Computing] is not working.” Slammer hit just over a year after Bill Gates sent a company-wide e-mail to Microsoft employees emphasizing that the company was making security improvements a top priority.

The virus exists only in the memory of unpatched Microsoft SQL servers and spreads from one system to another. It causes increased traffic on UDP port 1434 and spreads between SQL servers. Heavy network traffic, associated with this threat, can effect network performance on all systems on the network.

“Trustworthy Computing is failing,” Russ Cooper of TruSecure Corp., said in regarding the Microsoft initiative. “I gave it a ‘D-minus’ at the beginning of the year, and now I’d give it an ‘F.”‘

Microsoft said that part of the problem was that many Windows users didn’t install a patch that had been available since last June, but Cooper feels that the idea of patching is “fundamentally flawed and leaves people vulnerable.” In fact, Microsoft didn’t follow its own advice as executives confirmed that an internal network was hit by the worm, according to Reuters.

What’s more, Bruce Schneier, chief technology officer of Counterpane Internet Security, a network monitoring service provider, is thinking of switching from Windows to the Mac platform because of all the security issues.

“My wife has a Mac and she doesn’t worry about viruses, trojans, leaks.., ” he told Reuters. A Consumer Reports survey last year found that virus infection rates on Macs are half what they are on Windows.