WSJ "MX 'Open Design' Issues Revealed"
The inherent security vulnerabilities of Microsoft (MS) Windows operating system (OS) have been brought back into the spotlight due to a global IT crisis that caused widespread disruptions in aviation, telecommunications, and finance, reported the American daily The Wall Street Journal (WSJ) on the 21st (local time).
The IT crisis that occurred on the 19th began when a security program distributed by cybersecurity firm CrowdStrike conflicted with MS Windows.
As a result, 8.5 million devices running Windows experienced the "Blue Screen Of Death" (a phenomenon where the computer screen suddenly turns blue), and the aftermath sent shockwaves throughout global social and economic sectors.
WSJ stated that this IT crisis clearly exposed the problem of MS Windows' "open design," which allows an obscure software company to potentially disable millions of Windows computers.
Thanks to MS adopting an open design decades ago, developers could access the Windows OS kernel (the core component of a computer operating system) and develop powerful software that interacts with the OS at a very deep level. However, if something goes wrong like this time, it can lead to fatal consequences.
Additionally, WSJ reported that computers and servers running MS software have long been plagued by repeated hacking attempts from groups or criminal organizations supported by Russia and China, making security a longstanding Achilles' heel for MS.
This issue was also directly raised by CrowdStrike, which caused the IT crisis, earlier this year in January. The company's CEO, George Kurtz, stated in a broadcast interview that after MS revealed "a Russian hacking group hacked internal company accounts and accessed email accounts of senior executives," this was "a systemic failure of MS, putting not only customers but also the U.S. government at risk."
Two months later, the U.S. Department of Homeland Security's Cyber Safety Review Board released a report stating, "MS's security culture is inadequate, and given MS's centrality in the tech ecosystem, a comprehensive review is necessary."
Experts criticizing MS's security practices pointed out that as MS transitioned to cloud computing systems, it neglected improvements to existing products vulnerable to hacking, such as Windows, email, and enterprise services. This increased the need for security software like those provided by CrowdStrike.
Dustin Childs, who worked as a security expert at MS, noted, "If there had been a culture prioritizing security, such products (third-party security programs) would have been safer to exist or might not have been necessary at all."
An MS spokesperson rebutted, stating that the company cannot operate its OS like Apple because it has an agreement with the European Union (EU). MS explained that since 2009 it agreed with the EU to grant security software companies the same level of Windows access as itself, making it inevitable to maintain openness.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
