COMMENTARY-- You'd think that after the FBI first warned the public about a computer virus, Microsoft would announce a comprehensive plan to fix what's broken regarding security flaws in "Windows" and especially in Outlook Express. The company can start by wresting control of the browser architecture from the Web Consortium and other committees and immediately ceasing to allow fancy functionality that nobody except a few maniacs actually uses. In fact, whatever increased functionality one gets from the Web because of these features can easily be eliminated with few complaints. The same holds for some of the stupid advanced features of Word and Excel that are nothing more than Windows dressing. Let's look at a few of the troublesome subsystems that let a Web page do more than simply present data to your computer.

First of all, anything obtained online that can actively read from or write to the hard drive must be permanently eliminated, or its functionality must be seriously disabled or limited. This flies in the face of e-commerce folks and other dot-com mavens who hope more intrusive capabilities could be implemented for market research and other marketing reasons. These people, few of whom knew what a computer was a decade ago, see everything in terms of marketing, and they push companies like Microsoft to pay little if any attention to security.

Microsoft is always asked about this security flaw or that security flaw. The questioners usually end with "Why do you even have such a feature?" Microsoft spokespeople invariably answer, "It's what our customers have asked for." You see this comment in a lot of the news coverage of Microsoft security failings. But which customers is the company referring to? Not me, that's for sure. And probably not another 99 percent of customers, many of whom can't even figure out how to put page numbers on a Word document.

Ask yourself, who (besides marketers) really wants an active Web page reading from and writing to the hard drive without intervention? Are cookies, for example, really that important to most users? Let's start by getting rid of anything to do with ActiveX, then let's look at the newest capabilities of the browser and disable anything that interacts with a user's computer, other than the display, with or without permission. Microsoft controls the browser. Microsoft should put an end to this.

Of course, what is the likelihood of that happening if Microsoft won't fix more apparent problems that also have no reason to exist? By this, I mean the structure and functionality of the Word macro language. Virus hunters have been telling Microsoft to get rid of macro capability as implemented, to no avail. We have yet to see the great killer macro virus that will bring everything down everywhere, but we've come close. And what good are macros if you can't use them or nobody will execute them? Both Word and Excel should be recoded from scratch under the scrutiny of security experts.

Then we have Outlook Express. The product has been under fire since its release, and almost every major virus uses Outlook's open-door security policy to turn individual mailboxes into spam-o-matic e-mailing machines. This happens over and over "costing the nation and the world billions of dollars" and nothing is done, which alone calls for the breakup of Microsoft. Have the company dissociate itself from e-mail programs like this dog.

Everywhere you look, there are problems, one after another. Microsoft's first point-to-point tunneling protocol was flawed. More recently, the newest version of Windows Media Player can somehow execute code and create all sorts of damage.

Microsoft apologists will tell you that Unix (news - web sites) has many flaws, too. It's riddled with all sorts of holes. I'm not going to argue that point, but Unix is a legacy OS, not unlike DOS in its ancient heritage. And no Unix vendor has the resources of Microsoft. Microsoft is the world's biggest software company, period. It should act the part.

I haven't even bothered to mention Microsoft IIS, which has more holes than a wheel of Swiss cheese after a shotgun blast. Does anyone at Redmond care to hire people who can fix these problems, or are they going to issue makeshift patches day after day?

Gates was right years ago when he said that the market could change instantly and put Microsoft out of business. All we need is something else! Anything!

Back To The Study