Is It Time for a Virtual CDC?

Stopping Today's Security Threats Has Proven Too Much for Corporate America

Today, digital viruses are as great a threat as their real world counterparts. Sensitive information ranging from personal credit data, bank accounts, medical records and more are stored on computers running some flavor of Microsoft's operating system. Yet Microsoft waits weeks to acknowledge a flaw in the software, and still longer to fix the holes.

If the real Center for Disease Control was run by Microsoft, an Avian flu pandemic would have wiped out most of North America long before Microsoft even acknowledged the existence of a virus.

There are few reasons for Microsoft to bother fixing security holes with the expediancy necessary to prevent damage on a large scale. For one thing, its in the interest of Microsoft's public relations to ignore potential security flaws. While at this point, few people probably trust MS software to be flaw free, every public announcement of a security flaw detracts from the image of the company.

Second, having a full time team of digital "doctors" on call to respond to threats immediately costs alot of money. Microsoft obviously is not short on cash, but from a business stand point, the company has little interest in developing software that ultimately is being distributed for free.

That brings up another point. Microsoft has been making inroads into the rather lucrative anti-virus, anti-spyware software business arena. The latest version of Windows has inspired anti-virus maker Symantic to even file suit against the company for allegedly infringing on Symantic software patents. Once Microsoft is able to profit from preventing virus infections, expect "security holes" to exist for even longer because the company will have a financial incentive to sell propietary anti-virus software.

Yet another reason not to entrust Microsoft to patch security holes is the company's recent anti-piracy measures. Of the millions of computers running windows worldwide, a good number of them are running cracked copies of windows. Now though, for customers to gain access to security patches, users must also download an anti-piracy spyware program developed by Microsoft. Has the end result been for millions of illegal copies of Windows to suddenly be paid for? No, indeed, the real result is there are now millions of computers without the latest patches and are hence millions of computers vulnerable to infection.

Law and order types might declare that users running pirated copies of windows will get what they deserve if they become infected with a computer virus because they fialed to download new security protocols. But guess what, its not a problem confined to their machines. On the global network of computers, every user effects every other user.

Perhaps, for instance, you are a user of a legitimate copy of windows and have all the proper security fixes. Indeed, perhaps even you are smart enough or lucky enough never to have been a victim of a virus or a phishing scam. But what about your bank, your doctor's office, or your credit agency? You're information is only as secure as their computer systems. And of course, many of todays' viruses only need to infect a small number of computers connected to the internet before they act as mindless spam robots or launch a denial of service attack on your favorite website. Indeed, computer security is only as strong as the weakest link, and now, thanks to Microsoft anti-piracy spyware, the weakest link is every computer not running a legitimate copy of windows.

Loyal Mac users will probably point to one or all of these reasons as why they prefer their little Apple computers. But don't be so smug. The last few months have brought a number of Mac based viruses, and if Apple computer ever makes a comeback in the personal computing market, expect even more. Just look to the success and failure of the Firefox browser.

The Firefox browser is an open source internet browser developed as an alternative to the flawed Internet Explorer developd by Microsoft. At first, Firefox was a safe alternative to explorer. Explorer had a number of security holes that easily allowed dubious websites to install malicious software on users who simply browsed their pages or clicked on links sent to their email. Yet, as Firefox grew in popularity, so did threats to the integrity of the software. Today, Firefox users should not assume they are immune to various infections just because they are using an alternative browser. Likewise, Mac users should be worried too.

Just as Microsoft hesitates to admit security flaws, Apple would also like to pretend that everything is okay in the Garden of Eden. Apple's television ads plain out deny the Mac OS vulnerability to viruses, yet these viruses do exist.

So yes, it is time for a virtual CDC. A virtual CDC would work with Microsoft and Apple (and any other vender of Operating Systems) to patch flaws in the operating software. This would remove the burden from these companies to develop software patches that ultimately are given away for free.

In turn, the Virtual CDC would be able to react more quickly than MS or Apple to threats. The Virtual CDC would post warnings more quickly because there would be no fear of a drop in the price of stock. The agency would be a government facility: properly crafted legislation creating the virtual CDC would also compel the companies to share the source code of their operating systems, but without fear of a competitor running off with the companies' trade secrets.

Microsoft, and to some extent Apple, has proven time and time again that their operations are incapable of dealing with security holes in an appropriate and timely fashion. The threats posed to the operating systems that run the world's computers and the data stored on those computers offer a clear and present danger to the United States. Now is the time to take action, not after a virus infects a critical government computer that launches a nuclear strike.