News Stay informed about the latest enterprise technology news and product updates.

Blame hackers, not Redmond, for cyberattacks

Editor's note: Who's the real villain when it comes to security vulnerabilities in Windows? Not Microsoft, argues editorial advisory board member Larry Duncan. In a scathing rebuttal to news editor John Hogan's recent commentary, "Microsoft smears lipstick on a pig," Duncan points his finger at whom he sees as the true enemy of corporate IT and defends Redmond's new plans for enterprise patch management as a giant step in the right direction.

After reading John Hogan's recent article "Microsoft smears lipstick on a pig," I found myself enraged that someone could be so pompous as to think that Microsoft should be held to some elitist status, incapable of error.

Mr. Hogan's comment about Microsoft chief executive Steve Ballmer "smearing lipstick on a pig" (a reference to Microsoft's new direction for patch management) is both disrespectful and out of touch. I wonder if Mr. Hogan has ever deployed a service pack or security patch, or if he's ever been paged in the middle of the night because of a network intrusion. If he has, I'm sure he would see that the changes Ballmer outlined at the Microsoft Worldwide Partner Conference are a welcome change to the corporate landscape.

Mr. Hogan refers to Microsoft as a "swine" and its recent efforts as lipstick smeared on for appearance's sake. Who is the real swine here, Mr. Hogan? Is it the company that spends millions of dollars each year to ensure that its customers receive timely patches to vulnerabilities in its software, or the hackers that take advantage of companies that don't have the patches applied? Microsoft is not the swine here, hackers are. It's time that we quit expecting perfection from Microsoft and sneering at its efforts to improve. Let's place blame where it squarely belongs: with the hackers!

I have personally seen great strides by Microsoft with its enhancements to Software Update Services (SUS) and the accompanying SUS for Systems Management Server (SMS) Feature Pack. I also look forward to Microsoft consolidating the installers, simplifying the installation process and extending patch automation to all their products. These are exciting changes for the typical SUS/SMS administrator tasked with the daunting responsibility of deploying service packs and hotfixes, as well as reporting their status.

Yes, I'd agree with Mr. Hogan that Client Shielding (a new term that encompasses several security-related changes in Windows XP Service Pack 2) and Enterprise Shielding (a feature of Windows Server 2003 Service Pack 1 that will disallow clients that do not meet corporate security standards) are stopgap measures. But, what Mr. Hogan doesn't seem to understand is that if you don't "stop the gap," the floodgates will eventually perish and the waters (hackers) will flow right in. If Mr. Hogan has any suggestions to accompany his insults, I'm sure that the entire industry would like to hear them.

Larry Duncan is a editorial advisory board member and a consultant for Collective Technologies, an Austin, Texas-based technology service provider, where he is engaged in SMS and SUS assessments and deployments for Fortune 500 companies. You can reach him at:


Critical Windows, Exchange alerts issued

Ballmer lays out Windows security plan

Users react to latest Microsoft security push

Microsoft smears lipstick on a pig

Dig Deeper on Windows client management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.