Computerworld - Windows XP Service Pack 2 is now making its way onto computers. This major update is a step forward for a company that has had an abysmal record on security, and we should be happy for that much.
But it's only one overdue action. Users should also install more capable firewalls, antivirus software and antispyware applications. But the service pack also reminds us of a situation that Microsoft has never properly addressed: the retail/computer security problem.
If you buy a new Windows PC for your home and hook it up to a DSL service or a cable-modem line without first installing a hardware or software firewall, your computer could well be compromised by hackers before you've even had time to install Microsoft's "critical" security updates.
The PC may be turned into a spammer's toy, a zombie spewing thousands of mail messages per day, some of which could clog corporate networks. Or, worse, it may now have a keystroke logger in place, snarfing up personal and corporate log-ons and passwords and sending them who knows where.
This is a clear and present danger to corporate networks. If an infected home PC gets connected to the corporate network, via a VPN or other means, all the work IT does internally to keep things safe could be wrecked.
Yet this is reality. Why? Because Microsoft doesn't require computer makers and retailers to sell their PCs with totally updated operating systems. The computers likely will have XP with the most recent service pack, but no subsequent updates.
The same is true if you buy the Windows XP software by itself, in the box. It, too, will probably need updating to be even remotely safe. In other words, despite monopoly profits and legions of talented programmers, Microsoft continues to allow retail versions of Windows to go out the door with known defects. Why?
Yes, there are complications in the retail channel. Microsoft and the manufacturers would have to put in a great deal more effort, and some added expense, to do the right thing. Given the wafer-thin margins in PC retailing, you can't expect the manufacturers or retailers to voluntarily take this on. That's why Microsoft should step in and do it for them.
At last count, Microsoft had more than $50 billion in cash. It plans to give some of that back to shareholders. Fine. But how about using some of it to make sure that computers sold at retail have the latest update of the operating system, with the firewall turned on?
Microsoft
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
