I just read a PC World article that says, well… this:
My PC’s firewall, antivirus scanner, spyware remover, pop-up blocker, and spam filter all agree: Windows is sorely lacking in PC security. That situation may not change until Windows Vista (formerly Longhorn) comes out sometime next year.
This implies that things will, in fact, get better with the release of Vista. I wonder why they think that. The minute Windows was connected to a network, there were problems. When Windows ’95 came out, there were even more problems. When Windows ’98 came out, there were even more problems. Then NT/2000 used buzzwords like “security built-in”, and there were still more problems, and now things were really bad because NT really made a dent in the server area, so things weren’t just bad on the desktop, they were bad all over!
Then Windows XP came out. Now, for those who don’t know, Microsoft is far, far better at marketing than they are at making software. Even Microsoft employees will tell you this. Marketing bohemuth that it is, the best they could say about XP is that it was “their most secure operating system to date” or something just like that. This drew laughter from the entire technology community – even Windows administrators blew it off and prepared for the next generation of worms and viruses. Sure enough, within something like 20 minutes of the release announcement of Windows XP, reports followed of it being hacked. Let the games begin!
It turns out that the speed with which XP was broken was quite telling, because some months ago numbers were released that stated that, if you leave a default install of XP connected to the internet, it will (on average) be infected with a virus, worm, spyware, or whatever. Admins complain that they can’t even get XP updated before it’s infected. Microsoft somehow didn’t get the message that just about all infections an XP machine falls prey to are delivered over the internet, and decided the internet was the perfect delivery mechanism for updates. Oh the irony!
I could go on like this for days about Microsoft’s history with security and privacy. The point is, while there is no such thing as 100% security in any operating system, there doesn’t seem to be any such thing as 10% security in the Windows environment.
Windows now has two battles to figh: Educating a user base that they’ve always told in the past “you don’t have to know anything, just click here”, and trying to protect these users from the internet, as well as the oblivious monster created by Microsoft: themselves. The double entendre there is intentional, by the way.