May 10, 2005 4:00 AM PDT

OS makers: Security is job No. 1

Look beyond the bells and whistles, and make sure the security's tough.

That's the attitude of operating system makers, who aren't just focusing on features such as snazzy graphics and better networking tools when revamping products. Now they're also providing sturdier defenses.

The new generation of OSes includes improvements aimed at keeping data more safe. Microsoft, long the target of hackers' efforts and resulting customer ire, has promised anti-spyware and other tools in the upcoming version of Windows, code-named Longhorn. And while they aren't as aggressive about marketing their security efforts, Apple Computer and Linux-seller Novell recently released updates with an eye to stronger defenses.

News.context

What's new:
The next generation of operating systems focuses as much on tough security as it does on whistles and bells.

Bottom line:
Development of better defenses is a response to growing frustration among consumers, who are fending off a rising tide of viruses and fraud threats.

More stories on OS security

That doesn't mean companies aren't still serving up other advances, such as smoother collaboration or more-comprehensive search. But given home PC owners' growing worries about security, OS makers are aiming to prove they are trying harder to prevent software vulnerabilities and protect against outside attacks.

"The OS makers know that their futures depend on the trust that buyers have with their products, and buyers aren't trusting computers today," Forrester Research analyst Ted Schadler said. "We know that people are downloading less music, shopping online less and steering away from online banking because of security fears."

Several high-profile incidents of data theft, such as the ChoicePoint breach, have highlighted the need to protect confidential personal information. Alerts about phishing and other online fraud schemes have further publicized the risks. On top of this, malicious code writers have not let up on sending out traditional PC viruses.

Even though these consumer security threats sometimes take advantage of weak points in technologies other than operating systems, or exploit people's habits, OS makers often bear the brunt of the blame for them, Schadler said.

"(Security) is a problem that consumers are increasingly aware of and angry about, and they want to blame someone," he said. "The OS players are taking notice because they have to."

For Web designer Eugene Abovsky, 23, helping his friends and family members keep their PCs running smoothly and securely in his spare time has become an uphill battle as security concerns multiply. Abovsky works only with Microsoft's Windows, and he said that juggling patches and warding off "malware"--malicous software--have become time-consuming ventures that leave him frustrated with the software giant.

"Microsoft should be ashamed at the level of protection they provide to the average consumer who uses Windows," he said. "Almost all of the Windows computers I deal with in the homes of people I know have been so infested with spyware, malware and adware that they are almost unusable."

For Microsoft, the dominance of Windows and a string of high-profile vulnerabilities have translated into serious headaches around attacks and security. In addition, the company's software has historically come under more attack from hackers than that of its rivals.

To respond to these, Microsoft developed its Trustworthy Computing initiative, launched in 2002, which aims to improve the security and public perceptions of its products. It also issues a monthly bulletin of security patches, and its last significant update to the full version of Windows, Service Pack 2, was centered on security.

The results of those efforts have produced, in Longhorn, an operating system that will more aggressively defend computers, said Greg Sullivan, lead product manager at Microsoft. Among other defensive moves, it actively fights the installation of malicious programs such as spyware and automatically quarantines devices that could have acquired viruses outside home or business networks, he said.

"Clearly we have a very significant role to play in making sure that our platform is one that customers can use safely and securely, and that's

CONTINUED:
Page 1 | 2

11 comments

Join the conversation!
Add your comment
I'm not sure...
why it has taken this long for any OS maker to focus more on security. In my opinion security became the number one issue when people started connecting computers together.

Either way better late than never. I still think though that by default an OS shouldn't install anything other than what it requires to run the OS. Users (or their guru's) can then select before or after installation the extra features they want.
Posted by System Tyrant (1453 comments )
Reply Link Flag
One one OS maker has no put security at the top of the list
Everyone else has been doing a good job all these years, and are getting better and better.

The other OS maker, has never put much priority on security, and time will tell if their next OS is not the same security mess that all the previous ones have been.
Posted by pcLoadLetter (395 comments )
Reply Link Flag
True
Apple does need to do a lot of work, but they are trying.
Posted by Andrew J Glina (1673 comments )
Link Flag
Marketing
I love how Apple portray the using of Open Source as a choice, as opposed to the not being able to write their own kernel. If Apple felt that Open Source was the solution to security and stability then all of MacOS X would be Open Source.
Posted by Andrew J Glina (1673 comments )
Reply Link Flag
Why?
Do stupid things, and you can get in trouble. It is no diferent on any OS. There are just more people out there who are targeting Windows to gain from stupid people. Perhaps there are more stupid people using Windows, but it does not mean that it is Microsofts fault.
Posted by Andrew J Glina (1673 comments )
Reply Link Flag
Ooops
That was supposed to be a reply to "Pcloadletter". Coffee!
Posted by Andrew J Glina (1673 comments )
Link Flag
Security is a prime responsibility....
... for any OS developer. But at the same time, OS development
is a process driven by risk assessment. You can never do it
perfectly, so you come as close as you can where you need to.
But defining where that need exists has been a najor failure,
partly because of questionable programming techniques, and
partly because the OS developers didn't recognize where they
were leaving security holes.

Windows has been plagued by the MS decisions to make the
Windows OS a marketing tool first and an OS second. Logically,
there s no compelling reason to 'bundle' all sorts of second level
functions into an OS - except to block competitors. That MS
mistake meant that the focus in the development was on
bundling, and many of the subfunctions needed to implement
bundling are also the security holes.

MS can fix the problem by writing a true OS, properly structured,
and properly supported by all the independant apps needed to
achieve MS's view of functionality. That's not going to be
Longhorn/Shorthorn/Airhorn or whatever else comes out as the
next generation Windows, This one is three years and a mindset
change away in good weather. And there also may be a need to
abandon the curretn PC motherboard and processor designs as
being too overloaded for the basic capability. After all, a Pentium
4 is little more than an Intel 8088 on steroids. And no one yet
has taken any responsibility for PC motherboard design control.

You can knock Apple all you want, but Apple knew when to
terminate legacy motherboard, processor, and OS designs and
to move on to more performance

In the meantime, MS can blow all the smoke they want about
their concern for security. And they can issue band-aid after
band-aid to 'ugrade' security. But more holes will constantly
appear. It's the price paid for the MS corporate goals.
Posted by Earl Benser (4310 comments )
Reply Link Flag
Troll
That essay is just plain silly. But two points stand out;

1. P4 is a 8088 on steroids.

If you said that a PIII was a 386 on steriods I might agree. But the P4 has very little in common with a 8088. You could also say that a PowerPC was a 801 minicomputer on steroids.


2. MS should make a true OS.....bla bla... Apple

If you said Linux or BeOS I would say you have a point, but Apple have not written a structured OS, although they might written a structured GUI.


Either find some real arguments or cause trouble elsewhere please.
Posted by Andrew J Glina (1673 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.