Users show some sympathy to Microsoft over security

From...

by Carol Sliwa

(IDG) -- Bashing Microsoft Corp. may be popular sport on some issues, but the internal security breach that the company disclosed late last month has some corporate information technology users waxing sympathetic.

Several users last week said the incident -- in which a malicious attacker gained access to certain parts of Microsoft's corporate network and was able to view the source code for an unspecified future product (see "Microsoft stung by hack attack," link below) -- did nothing to change their perceptions or opinions of the software maker or its products. They also said it won't affect their purchasing decisions.

MESSAGE BOARD Security on the Net     ALSO Microsoft case in political limbo as votes counted Microsoft to promote tablet PC at Comdex

"I don't think any less of them," said Jeffrey Ratner, director of IT engineering at Phoenix Home Life Mutual Insurance Co. in Hartford, Conn. "I know how things go. I feel bad for them."

Security breaches have become so routine that "after a little while, you stop noticing," said Rick Waugh, a project manager at Telus Corp. in Burnaby, British Columbia.

Illustrating his point, Microsoft last Friday confirmed that another hacker had managed to penetrate at least one of its Web servers after the company's security staff apparently failed to completely apply a patch that's supposed to plug a hole in Microsoft's Internet Information Server software (see "Another hacker hits Microsoft," link below).

But Cathy Hotka, vice president of information technology at the National Retail Federation in Washington, noted that Microsoft isn't alone in being at risk of attacks by miscreant hackers. "Security is a moving target, and if they can be hit, we can all be hit," she said.

"These things will be happening all the time. It's just the nature of technology," said Richard Viard, co-founder and senior vice president of research and development at SmarterKids.com Inc. in Needham, Mass. "There will always be somebody to outsmart you."

MORE COMPUTING INTELLIGENCE

IDG.net home page

Computerworld's home page

Microsoft stung by hack attack

Another hacker hits Microsoft

Dimitri taunts Microsoft with another hack

Reviews & in-depth info at IDG.net

E-BusinessWorld

TechInformer

Questions about computers? Let IDG.net's editors help you

Subscribe to IDG.net's free daily newsletter for IT leaders

Search IDG.net in 12 languages

News Radio

Fusion audio primers

Computerworld Minute

A security breach at one of the world's largest and most powerful technology companies didn't make Viard feel any more vulnerable than he already did, he said. "We've always been paranoid about this stuff," he said. "You can be very prepared, but you can never be impenetrable."

Much of the sympathetic response from IT professionals stemmed from their intimate knowledge of the struggle every company faces when trying to secure its own network.

"We understand exactly how difficult it is to avoid being hacked in multiple layers," said one IT executive at a large financial service provider. "We have hacking attempts every day, [although], I'm sure, less than Microsoft. There are lots of people trying all the time."

Sometimes attackers get through one layer of the company's defenses, "but that's about it," continued the executive, who asked not to be identified.

"We do reports every day to see what our vulnerabilities have been, plus we test against ourselves on virtually an everyday basis," he said. But no matter how much monitoring the company does, it frequently can be difficult to tell exactly what has happened. "You stop something at the door and you don't know what it is," the executive noted.

Ratner said he respected Microsoft's decision to acknowledge the incident, discuss which software source code was potentially viewed by the intruder and stop the breach. "It seems to me they're trying to change their company philosophy," he said. "They're being more open."

It's also to Microsoft's credit that it caught the breach, Ratner added. "Something like that can go on for a long time," he said.

But Wayne Richards, a senior technical support analyst at Goodyear Tire & Rubber Co. in Akron, Ohio, questioned Microsoft's tactic of monitoring the hacker's moves for up to 12 days after the security breach was discovered.

"I hate to say it, but if a hacker got in here, we wouldn't be monitoring his moves. He'd be cut out," Richards said.

Microsoft also should be concerned that product secrets might have been stolen, Richards said. "If people steal code and post it on the Internet, people will be writing stuff that will interface with Microsoft products and file formats, and you might find it coming out on other platforms, showing up anywhere," he said.

Richards added that he expects to see more break-ins as a result of this incident -- not just at Microsoft but also at any company that buys into the Microsoft .Net platform, a new set of technologies under which the vendor plans to turn its software products into Internet-based services.

Microsoft servers hit by another hacker
November 7, 2000
Analysis: Home workers can imperil systems
November 7, 2000
Hacker attacks: You can never be too safe
November 1, 2000
Was hack attack Microsoft's own fault?
October 31, 2000
Hackers attack Microsoft network
October 27, 2000

Microsoft stung by hack attack
(Computerworld)
Another hacker hits Microsoft
(IDG.net)
Dimitri taunts Microsoft with another hack
(IDG.net)
Microsoft says it tracked intruder for 12 days
(Computerworld)
Executives call for delay in cyber crime pact
(IDG.net)
Feel secure? Don't be sure -- even Microsoft got hacked
(PC World)
Let the flogging begin at Microsoft
(The Industry Standard)
Microsoft patches server hole
(Computerworld)

Microsoft Corp.

Note: Pages will open in a new browser window

External sites are not endorsed by CNN Interactive.