(3 of 4)
Nevertheless, there is much to embarrass Microsoft in the latest crop of worms. Blaster and Welchia both relied on the same security loophole that was found in Windows in July. There was a fix available--the one Welchia tried to download--but it was among dozens the company puts out every month. Windows XP made its debut in 2001 with some 45 million lines of code and a lot of mistakes, many of which have yet to be uncovered. Because of its complexity, "no other product could potentially be so flawed," says Jerry Ungerman, president of Silicon Valley's Check Point Software. No consumer movement has sprung up demanding a Windows recall just yet, but a car with this many problems would be a tort lawyer's joyride.
Not according to Microsoft. "This is more like your car being threatened by a new caliber bullet," says Mike Nash, the company's vice president for security. Still, a Bill Gates memo last year admitted Windows needed to be more "trustworthy." The company placed ads in national newspapers last week reminding users to turn on Windows XP's internal firewall and employ the operating system's automatic-update feature. That is, you can allow the company to fix its unintended mistakes constantly and quietly in the background. Windows XP does not ship with this feature turned on because of the Big Brother factor. But attitudes may be changing. Says Nash: "Customers are more willing to give up their privacy concerns."
Security experts are willing to cut Microsoft a lot of slack. In some ways, they say, Windows is a victim of its success. if rival operating systems like Linux or Mac OS had a 95% market share, the virus writers would be hard at work probing them for holes. Whether they would find as many is a different question altogether. Linux and, to a lesser extent, Mac OS are open source, which means they're subject to constant peer review by engineers and software writers all over the world. The energy that goes into finding fault with Windows exists in the Linux world too, but it's focused on making the code better. To help stave off the competitive threat from Linux, Microsoft recently allowed several governments across the world to take a peek at the precious Windows source code but is unlikely to go fully open source anytime soon.
What Microsoft isn't responsible for are the problems it inherited from the early years of the Internet. All the rules and protocols that govern how computers talk to one another and how e-mail is passed around have been handed down from the 1960s and '70s and are riddled with loopholes. Back then the nascent network was the province of the military and academia. If someone even knew what e-mail was, he or she was likely to be friendly.
As recently as two years ago, it was easy to avoid the impact of most viruses and worms like Melissa and the infamous Love Bug by not using too many Microsoft products. Most of the known security flaws that spurred virus writers had to do with the way Outlook talked to Word or Excel. The greatest danger was having a Microsoft monoculture on your desktop. The digital equivalent of planting only one kind of potato in your fields, it practically invited pests to do their worst.