Microsoft refuses to play security game

Written by Joey Gardiner, Contributor


Microsoft has turned down an opportunity to prove its faith in the security of its software. Eddie Bleasdale, CEO of open source consultancy Net Project, called on Microsoft to match his Linux challenge, which offers £10,000 to the first developer to infect its Linux machine. Microsoft refused to demonstrate the security of its software in such a way.

Microsoft has been much criticised recently for poor security, particularly in the light of virus attacks such as Code Red and Nimda, which took advantage of vulnerabilities in the IIS web-server software. Last week a senior Microsoft security executive blamed the security flaw not on the software itself but on 'lazy' systems administrators who failed to properly configure or patch it.

Net Project's Bleasdale said: "If Microsoft is so confident its software can be configured to be totally secure, then why isn't it able to match my offer? Microsoft should take one of its own machines, and put its money where its mouth is."

Bleasdale says he knows of no way a computer running Linux can be infected by a virus if it is properly configured, and has offered £10,000 to the man who can do it.

A spokeswoman for Microsoft said: "We wouldn't enter into any such situation of giving away money to prove our security. This is viewed by Microsoft as a PR-stunt, and we don't need to do this."

Microsoft refused to comment on whether it was able to configure one of its machines to guarantee no viruses would be received.

The spokeswoman added: "There are a number of simple steps anyone can take to make running Microsoft software secure, such as using up-to-date anti-virus software, applying patches and not running executable files for example. A number of viruses have been written for Linux, but Microsoft still gets the attention because it's by far the biggest target."

Net Project's £10,000 offer has itself caused some controversy within the open source world. Some have accused it of encouraging potentially criminal behaviour, and others of increasing the danger of damaging malware being written to run on Linux. Net Project's Bleasdale has not yet provided an IP address, URL or email address for the computer he wants virus writers to target.