Forget Blaming Microsoft or Google – Blame Yourself
People from all walks of life including influential decision makers are quickly firing off ye ole “Blame Microsoft” rants this week after another debacle involving Google and China. The debacle involved so-called State Sponsored (from China) “hacktivities” to compromise Gmail accounts. The attacks were – as we’re told – targeted towards Internet Explorer version 6 (IE6). I’m curious to know why someone is even bringing Microsoft into this mix. I say, blame those still using IE6. There certainly is a lot of controversy surrounding China’s “hacktivities” [1,2,3] and security theater  in the past so this won’t be discussed right now. What I will discuss for a few paragraphs, is pure common sense for a little bit.
Imagine for a moment that you are a new parent. You purchase a crib and get your proper usage of that crib. As time goes on, you never rid yourself of the crib and leave it lying around for a couple of years. Move ahead 10 years later, the crib maker has since released many versions of the crib and has notified you time and time again – this crib is EOL’d (end of life’d – retired).  There are so many security risks they suggest that users of CribVersion whatever, move to the latest crib. As a consumer you have a choice, you either deal with that crib, or find another one. [6,7] It is that simple.
Moving on, nine years pass and you have another child. You decide to go back to the old crib you’d been using for years – this after the fact that you’ve seen through those nine long years – the recalls, the security issues associated with that crib. The question is now, whose responsibility is the safety of your child at this point? Your own or the manufacturer of the crib. If you answered the latter – I suppose your children themselves have a lot more to worry about in their lifetime.
The same logical method applies – or at least should apply – to just about anything you can think of. Whether its a browser on an operating system, a washing machine for your home or even tires for your car. Companies who were using IE6 and were compromised obviously have little concern for the data on their systems nor the clients who pay for their services. They deserve to be taken to court and held accountable for their stupidity and I state this with conviction. Patches, upgrades and warnings were as obvious as the statement “tomorrow is another day.”
Someone would have to be an Internet caveman to have been online for 9 years (IE6 was released 12/31/2001) and not see the issues with Internet Explorer. It has been hacked, broken, replaced, patched and countless articles have been written on the dangers of Internet Explorer as a whole (all versions) – that it is actually surprising that anyone even uses IE – let alone complain that they were compromised after using IE6. I refer back to the crib analogy.
None of those 30 companies mentioned deserve any sympathy – not one IOTA of them. For starters, Microsoft Updates tried in a decent fashion to rid users of IE6 which means – someone wasn’t even updating their machines. I personally don’t even believe that any decent security patching up until about 2007 would have allowed for IE6 to remain on a system. It is now obvious that if any of those businesses were tasked with meeting any compliance mandates, they failed miserably. Shifting the blame is an altogether different story. Don’t blame Microsoft on this one, blame the administrators and owners of those machines.
As for the Google slash media spin of shifting the blame to Microsoft, the obvious answer to the problem is (drum roll): Use Google Chrome. Right away. A browser is a browser is a browser – had those machines that were compromised – been kept up to date, the likelihood of this attack even making the news would be close to none. It seems that Google is what seems to be opportunistically – taking a swipe at Microsoft because of an instance of Gmail attacks – searching for a sympathetic ear.
Had Google an idea of what was really occurring during the compromise phase, they could have easily inserted a script that when a user landed on Gmail, it would have redirected users of affected browsers to warning page: “Beginning INSERT_DATE_HERE, you will no longer be able to access Gmail using IE6. Please update your browser as it exposes you to a lot of risk” or something along those lines. This would have given Google a more “caring” like approach. “Aww, Google cares for my security!” If anyone can make something move on the Internet it certainly is Google. Google to their credit warned users in 2008 to drop IE6  yet everyone is shifting the blame to Microsoft. I say, blame the users.
Leave a Reply
You must be logged in to post a comment.