Robert X. Cringely has signed off on the "Internet Apocalypse
via Windows XP's use of raw sockets" theory, saying it's an
opportunity to make a bad situation worse, and a chance to push a
proprietized "TCP/MS".
"As events of the last several weeks have shown,
Microsoft Windows, e-mail and the Internet create the perfect
breeding ground for virus attacks. They don't even have to exploit
Windows flaws to be effective. Any Visual BASIC programmer with a
good understanding of how Windows works can write a virus. All that
is needed is a cleverly titled file attachment payload, and almost
anyone can be induced to open it, spreading the contagion. It is
too darned easy to create these programs that can do billions in
damage. The only sure way to fix the problem is to re-stripe the
playing field, to change the game to one with all new rules. Some
might argue that such a rule change calls for the elimination of
Microsoft software, but that simply isn't likely to happen. It's
true that Linux and Apache are generally safer than Windows 2000
and IIS, but Microsoft products aren't going to go away. I promised
you an answer to how to secure the Internet, and I mean to come
through. First, we'll start with the way I would do it, then follow
with a rumor I have heard about one way Microsoft might want to do
it.
The wonder of all these Internet security problems is that they
are continually labeled as "e-mail viruses" or "Internet worms,"
rather than the more correct designation of "Windows viruses" or
"Microsoft Outlook viruses." It is to the credit of the Microsoft
public relations team that Redmond has somehow escaped blame,
because nearly all the data security problems of recent years have
been Windows-specific, taking advantage of the glaring security
loopholes that exist in these Microsoft products. If it were not
for Microsoft's carefully worded user license agreement, which
holds the company blameless for absolutely anything, they would
probably have been awash in class action lawsuits by now.
Of course, it is not as though Microsoft intended things to be
this way. No company deliberately designs bad products. But you
must understand that Microsoft limits its investments to things
that will enhance a product's market share. Every feature in
Windows had to pass the litmus test, "Does it increase market
share?" Putting security safeguards in their products evidently
failed the litmus test, and therefore weren't added. While it is
true that virus authors will target platforms that give them the
most bang for their programming buck, the Windows platform has
virtually no security to even slow them down. I believe the lack of
security in Microsoft software was a deliberate business
decision."