Since so many Akamai customers and the wider public run on Microsoft infrastructure, I frequently write about the software giant here. Most of the time, it's to give people the head's up on upcoming patches, or to explain how Akamai security protects customers from weaknesses on the Microsoft side.
Because of all the flaws and attacks Microsoft users have suffered from, picking on the company became a popular activity in the previous decade. But 10 years after the era of big worm attacks like Blaster and Sasser, Microsoft deserves a lot of credit for turning things around.
A blog post
from F-Secure Chief Research Officer Mikko Hyppönen has me reviewing recent history. In his post, Mikko starts with what life was like a decade ago. He writes:
If you were running Windows on your computer 10 years ago, you were running Windows XP. In fact, you were most likely running Windows XP SP1 (Service Pack 1). This is important, as Windows XP SP1 did not have a firewall enabled by default and did not feature automatic updates.
So, if you were running Windows, you weren't running a firewall and you had to patch your system manually - by downloading the patches with Internet Explorer 6, which itself was ridden with security vulnerabilities. No wonder then, that worms and viruses were rampant in 2003. In fact, we saw some of the worst outbreaks in history in 2003: Slammer, Sasser, Blaster, Mydoom, Sobig and so on.
He goes on to describe Microsoft's turnaround: Launching the Trustworthy Computing Initiative, halting all new development for a time so it could find and fix old vulnerabilities and, of course, developing much more secure versions of Windows and Internet Explorer. Windows 7 and 8 have been a huge leap forward over Windows XP. And every version of Internet Explorer since IE 6 have brought steady security improvements.
When Blaster hit I was editing for a daily newspaper and had no idea what patch management, software vulnerabilities and malware were. But Blaster was a big enough deal to make the front page of my paper.
Within 10 months I'd get a crash course. In fact, my first day as a security journalist happened to be the third day of attack from another worm called Sasser. An analysis of Sasser
was the first article I ever wrote about anything having to do with InfoSec.
Interestingly, one of the companies I often quoted during worm outbreaks was Akamai. Back then almost nobody thought of Akamai as a security player, but if a serious worm outbreak was clogging up Internet traffic, the company had a ring-side seat -- a vantage point like no other.
Here we are a decade on. I'm part of Akamai's security team, my home machines have Windows 8 (my work machine is a Macbook Pro) and worm attacks don't happen the way they used to.
The bad news, as Mikko correctly points out, is that we are fighting a different enemy who is financially motivated and far more sophisticated. That has made Akamai's security operation more important than ever. As attacks against commercial entities have become a 24-7 affair, Akamai has become the main line of defense between customers and the bad guys.
But Microsoft has made a huge difference and conducted a spectacular turnaround, and they deserve a tip of the hat.