By silicon.com, 8 March 2004 18:15
NEWS 08.03.99: Microsoft has admitted there is a security flaw in the latest version of its Windows operating system that allows the software giant to collect private user information.
The problem was discovered by developer and president of Phar Lap software, Richard Smith, who claimed a unique ID number was transmitting a code to Word and Excel documents enabling Microsoft to trace the author of the documents.
David Weekes, Windows 98 product manager, said: "The flaw affects service packs and registration to the Windows 98 update. There is a section where the user can choose whether or not to send up details of their hardware configuration and it is here that we found the problem occurred. But we are working on a patch to fix it."
But Simon Davies, leader of privacy lobby group, Privacy International, accused Microsoft of breaking data protection laws in at least six European countries.
"It's clear to us that companies take information by stealth. There is a pathological need to collect information and Microsoft is proving that point. Collecting this information is a value add for the company as it gives them more marketing opportunities. But what they are doing is in violation with data protection laws which say companies have to be open and transparent in gathering information and receive consent from the individual - this is simply not followed," he said.
But Weekes denied the allegations. "There are privacy laws dotted all over the place and with the current situation it would be very silly of us to [openly flout the law]. We take confidentiality very, very seriously indeed. We are already working on getting rid of the database that holds the information and we have a patch so it will not happen again."
08.03.04: Security flaws? In a Windows operating system? Surely not. Similar instances in the ensuing five years are too plentiful to mention - though few have been as controversial as this with remiss coding, rather than spying, the most common accusation levelled at the Redmond giant.
Rarely does a month or often even a week pass without one flaw being exposed - or less often exploited.
Part of the blame must lie with IT managers or others charged with keeping up to date with a patching strategy. The SQL Slammer worm which struck last year took full advantage of a flaw which was several months old and for which a patch had long since been available.
However, the underlying truth is that Microsoft ships buggy software - a reputation it is working hard to shake but which it is likely to be some time before it manages to do.
In order to post a comment you need to be registered and logged in.
Log in or create your silicon.com account below