Every so often I feel compelled to respond to the incessant coverage of the security flaws in Microsoft products. It’s easy to get the impression that Microsoft products are inherently insecure and that alternative systems are better.
Analysts from the Aberdeen Group reported today that open-source software and Linux installations have overtaken Microsoft as the leading security risks. Sixteen security alerts released by CERT in October cited flaws in open-source products, while seven were related to Microsoft. “Open source software is now the major source of elevated security vulnerabilities for IT buyers,” the Aberdeen report says. “The poster child for security glitches is no longer Microsoft; this label now belongs to open source and Linux software suppliers.”
The reality is that Microsoft products are attacked more often, and researchers in the labs look more deeply for flaws in them, because the installed base of users is larger. Microsoft has become very responsive to reported problems that might affect security, and its track record for promptly delivering effective patches is good.
All software that has an online component is being attacked and flaws are being discovered – no matter whether it’s Microsoft, Apple, Linux and open-source, Sun (wrestling today with a security flaw opened up by their font handling, of all things), or companies that develop programs for those platforms. RealNetworks is struggling with security problems in RealOne and RealPlayer – they issued a patch last week, but they’ve had to pull it today because it didn’t work.
Security is a priority for every company making software that touches the Internet. Microsoft’s record is better than most on all counts, from the initial security of its products as shipped to its responsiveness when a flaw is discovered. As always, don’t be fooled by the Microsoft-bashing.