On Aug. 11, the Blaster virus and related bugs struck, hammering dozens of corporations, including Air Canada’s reservation and airport check-in systems. Ten days later, the SoBig virus took over, causing delays in freight traffic at rail giant CSX Corp. and shutting down more than 3,000 computers belonging to the city of Fort Worth. Worldwide, 15% of large companies and 30% of small companies were affected by SoBig, according to virus software tracker TruSecure Corp. Market researcher Computer Economics Inc. estimates damage will total $2 billion — one of the costliest viruses ever. All told, damage from viruses may amount to more than $13 billion this year.
$13 billion is a lot of money, even to MSFT. But their license agreements — or more precisely our willingness to agree to them — absolve them of any liability.
[ . . . . . ]
Ralph Szygenda, chief information officer at
General Motors Corp., got fed up when his computers were hit by the Nimda virus in late 2001. He called Microsoft executives. “I told them I’m going to move away from Windows,” Szygenda recalls. “They started talking about security all of a sudden.”
Last year, amid much fanfare, Microsoft launched its Trustworthy Computing initiative, a campaign it claimed would put security at the core of its software design. As part of the campaign, more than 8,500 Microsoft engineers stopped developing the upcoming Windows Server 2003 and conducted a security analysis of millions of lines of freshly written code. Microsoft ultimately spent $200 million on beefing up security in Windows Server 2003 alone. “It’s a fundamental change in the way we write software,” says Mike Nash, vice-president for security business. “If there was some way we could spend more money or throw more people on it, believe me, we’d do it.” Yet, embarrassingly, Windows Server 2003, released in April, was one of the operating systems exploited by Blaster.
Gah. What good does it do for them review their own code? I think we see the results . . . .