Maybe it’s time to get…

Maybe it’s time to get a Mac

Research firm Gartner issued a note late Thursday that raises serious questions about Microsoft’s internal commitment to rid its operating system of security holes that make worms such as MS Blaster, SQL Slammer, and Code Red possible.

The report from Gartner was spurred by the Abstract Syntax Notation vulnerability which Microsoft made public and issued a corrective patch for earlier this week. The vulnerability affects most every modern version of the Windows operating system and most security experts agree systems that aren’t quickly patched are at high risk of hacker attacks or a quick-spreading Internet worm.

This latest security hole is appalling. I agree with Gartner, Microsoft, by design or by incompetence or both, appears asleep at the wheel. And that puts most any Windows computer in serious danger.

How bad is this hole? From respected Windows expert Brian Livingston in his Brian’s Buzz newsletter –

The weakness allows an attacker to gain total control over vulnerable Windows machines across the Internet, without any need for users to open an attachment or even view an e-mail. No actual exploit has yet been found on the Web, but it’s considered only a matter of time before working code is released that could lead to the compromise of millions of PCs.

But a controversy has broken out over the length of time – six months – that Microsoft took to release the patch after being notified of the problem, especially considering the severity of the threat.

Meanwhile, source code for Windows 2000 and NT has leaked out onto the Net, where virus writers no doubt will happily be reviewing it looking for security holes.