Pender's Blog

Blog archive

Symantec CEO Speaks Out on Microsoft

In case you missed it, here's what Symantec CEO John Thompson had to say about Microsoft Forefront in the September issue of RCP:

"When the hype settles down, people have to settle into the pragmatic reality, which is that [Microsoft's] product sucks."

Well, then! If you'd like to read the rest of what Thompson had to say, check out Redmond magazine's Q&A with him.

As for security, reader Kevin writes to say that he's all for Microsoft taking care of its own software:

"I have always thought that the security of Windows should squarely sit on Microsoft's shoulders. All the third-party vendors providing 'security' for Windows by selling software and updates to install on the host machine are more like piranhas than heroes. Here is my thought process on this:

"One, Microsoft owns the design of the operating system. For good or bad, they OWN it. Two, third-party 'security' vendors do not go after the perpetrators directly and they offer no monies in earnest to apprehend them, but instead just sell software to thwart an 'attack.' Three, stupid users being lulled into thinking it is safe to download and run any software found on the Internet.

"For point 1, Microsoft should be held financially accountable for providing the fertile ground for such attacks to the operating system. They should be held accountable for each attack as should the hardware vendors. Yes, I am including the hardware vendors since there is no native protection from buffer overflows that the general population has available to them. If the hardware were to separate the buffer space from the executable space, it would go a long way to keeping such attacks from happening.

"OK, point 2 is totally self-serving on the 'security' vendors' part; if they actually cared about their customers and were successful in shutting down the criminals, their whole reason for being is wiped out. So, they talk up the issues and provide a fence but no strike force to stop it from happening in the first place.

"Point 3, yes, there are a lot of stupid users and mostly in the consumer space. The always-on, bare Internet connections are the most vulnerable to attack. Too many times, I have seen a machine happily infecting others even when the 'security' software was installed. Again, Microsoft has cultivated a population that knows nothing about a computer and what it can do but seems to be able to 'use' it. It would be like telling a teenager a story of how to drive and then giving them a key to an automatic car. Now, if the car were manual transmission, they would more likely know more about how to drive it than an automatic. That same teenager would then go out in the wild and more than likely cause accidents. Basically, the computer is too easy to use for the available built-in controls and security measures. So, users go out and purchase the security software and think they are safe. They never even bother to learn what the security software does or what to do when it detects something.

"Well, I could go on and on but you get the point."

We do, Kevin...and it's an interesting perspective, one that makes us think but that we also can't say we've heard that many times. Thanks for sharing it.

Posted by Lee Pender on September 21, 2007