Sign Up: Free Daily Tech E-letter  
Technology Home
Tech Policy
Government IT
   -Ask the Computer Guy
   -Fast Forward
   -The Download
   -Web Watch
Personal Tech
Special Reports

Page 2 of 2    < Back   
Fast Forward by Rob Pegoraro
Microsoft Windows: Insecure by Design


_____Live Online_____
Monday, 2 p.m. ET: Rob Pegoraro will be online to talk about this column and his recent review of Apple's iPod Mini.
_____Recent Columns_____
Strung Up With Cable TV (The Washington Post, Feb 22, 2004)
Apple's iPod Mini Is a Big Deal in the MP3 World (The Washington Post, Feb 15, 2004)
We'd Like a Bit More, For a Little Less (The Washington Post, Feb 8, 2004)
Fast Forward Archive
_____Personal Tech_____
Full Section
Fast Forward
Web Watch
Ask the Computer Guy
_____Free E-letter_____
Sign Up Now: In his Fast Forward weekly e-letter, Personal tech editor Rob Pegoraro keeps you posted on the latest gear and gadgets (Delivered every Monday).

E-Mail This Article
Print This Article

But they weren't asking for easily cracked PCs either. Now, Jones said, Microsoft believes it's better to leave ports shut until users open the ones they need. But any change to this dangerous default configuration will only come in some future update.

In comparison, Mac OS X ships with zero ports open to the Internet.

The firewall that's down: A firewall provides further defense against worms, rejecting dangerous Internet traffic.

Windows XP includes basic firewall software (it doesn't monitor outgoing connections), but it's inactive unless you use its "wizard" software to set up a broadband connection. Turning it on is a five-step task in Microsoft's directions ( that must be repeated for every Internet connection on a PC.

Mac OS X's firewall isn't enabled by default either, but it's much simpler to enable. Red Hat Linux is better yet: Its firewall is on from the start.

The patches that aren't downloaded: Windows is better than most operating systems at easing the drudgery of staying on top of patches and bug fixes, since it can automatically download them. A PC kept current with Microsoft's security updates would have survived this week unscathed.

But hundreds of thousands, if not millions, of Windows systems still got Blasted, even though the patch to stop this worm was released weeks ago.

Part of this is users' fault. "Critical updates" are called that for a reason, and it's foolish to ignore them. (The same goes for not installing and updating anti-virus software.)

The chance of a patch wrecking Windows is dwarfed by the odds that an unpatched PC will get hit. And for those saying they don't trust Microsoft to fix their systems, I have one question: If you don't trust this company, why did you give it your money?

Microsoft, however, must share blame, too. Windows XP's pop-up invitations to use Windows Update must compete for attention with all of XP's other, less important nags -- get a Passport account, take a tour of XP, hide unused desktop icons, blah, blah, blah.

Microsoft's critical updates also are absent from retail copies of Windows XP, forcing buyers into lengthy Windows Update sessions to get the fixes since last year's Service Pack 1 upgrade. At least the version of XP provided to PC manufacturers is refreshed once a quarter or so -- and Microsoft says it's working to shorten this lag.

The lack of any limit to damage: Windows XP, by default, provides unrestricted, "administrator" access to a computer. This sounds like a good thing but is not, because any program, worms and viruses included, also has unrestricted access.

Yet administrator mode is the only realistic choice: XP Home's "limited account," the only other option, doesn't even let you adjust a PC's clock.

Mac OS X and Linux get this right: Users get broad rights, but critical system tasks require entering a password. If, for instance, a virus wants to install a "backdoor" for further intrusions, you'll have to authorize it. This fail-safe isn't immune to user gullibility and still allows the total loss or theft of your data, but it beats Windows' anything-goes approach.

Because Microsoft blew off security concerns for so long, millions of PCs remain unpatched, ready for the next Windows-transmitted disease. Microsoft needs to do more than order up another round of "Protect Your PC" ads.

Here's a modest proposal: Microsoft should use some of its $49 billion hoard to mail an update CD to anybody who wants one. At $3 a pop (a liberal estimate), it could ship a disc to every human being on Earth -- and still have $30 billion in the bank.

Living with technology, or trying to? E-mail Rob Pegoraro at

< Back    1 2
Print This Article Home

© 2003 The Washington Post Company

Company Postings: Quick Quotes | Tech Almanac
About | Advertising | Contact | Privacy
My Profile | Rights & Permissions | Subscribe to print edition | Syndication