You might have seen the latest article about the lack of security in Microsoft products. It was picked up widely by the mainstream newspapers. According to a study by Forrester Research, three-fourths of computer software security experts at major companies do not think Microsoft’s products are secure.
Most of the articles omitted another statistic. Microsoft had released patches for the last nine high-profile Windows security holes almost a full year prior to each attack that made headlines – an average of 305 days before each hole was widely exploited. Naturally, the “security experts” were full of reasons that it was Microsoft’s fault that the experts hadn’t secured their systems, despite having had a year to do so in each case.
This week’s security problems weren’t widely reported, since they didn’t concern Microsoft and what fun is that? Serious holes were discovered in RealPlayer and Quicktime media players. And the second critical vulnerability in a month was discovered in SendMail, the Unix software which processes 60 to 70 percent of the world’s e-mail.
Microsoft is imperfect and occasionally infuriating, but as always, keep the reporting in perspective.