- Bashing Microsoft may be popular sport on some issues, but the security breach that the company recently suffered has many corporate information technology users waxing sympathetic.
Several users this week said the incident — in which a hacker gained access to certain parts of Microsoft’s internal corporate network — did nothing to change their perceptions or opinions of the software maker or its products. They also said it won’t affect their purchasing decisions.
"I don’t think any less of them," said Jeffrey Ratner, director of IT engineering at Phoenix Home Life Mutual Insurance Co. in Hartford, Conn. "I know how things go. I feel bad for them."
Security breaches have become so routine, "after a little while, you stop noticing," said Rick Waugh, a project manager at Telus in Burnaby, British Columbia.
"Security is a moving target, and if they can be hit, we can all be hit," said Cathy Hotka, vice president of information technology at the National Retail Federation in Washington.
"These things will be happening all the time. It’s just the nature of technology," said Richard Viard, co-founder and senior vice president of research and development at SmarterKids.com Iin Needham, Mass. "There will always be somebody to outsmart you."
A security breach at one of the world’s largest and most powerful technology companies didn’t make Viard feel any more vulnerable than he already did, he said. "We’ve always been paranoid about this stuff," he said. "You can be very prepared, but you can never be impenetrable."
Much of the sympathetic response from IT professionals stemmed from their intimate knowledge of the struggle every company faces when trying to secure its own network.
"We understand exactly how difficult it is to avoid being hacked in multiple layers," said one IT executive at a large financial service provider. "We have hacking attempts every day, \[although\], I’m sure, less than Microsoft. There are lots of people trying all the time."
"Sometimes they get through one layer, but that’s about it," he continued. "We do reports every day to see what our vulnerabilities have been, plus we test against ourselves on virtually an everyday basis."
But no matter how much monitoring the company does, the executive noted, "A lot of times, you can’t tell" what happened. "You stop something at the door and you don’t know what it is," he said.
Ratner said he respected Microsoft’s decision to acknowledge the incident, discuss which code was affected and stop the breach. "It seems to me they’re trying to change their company philosophy," he said. "They’re being more open."
Ratner added that it was to Microsoft’s credit that it caught the breach. "Something like that can go on for a long time."
But Wayne Richards, a senior technical support analyst at Goodyear Tire & Rubber in Akron, Ohio, questioned Microsoft’s tactic of monitoring the hacker’s moves for several days once the security breach was discovered.
"I hate to say it, but if a hacker got in here, we wouldn’t be monitoring his moves. He’d be cut out," Richards said.
Richards said Microsoft should be concerned that product secrets might have been stolen. "If people steal code and post it on the Internet, people will be writing stuff that will interface with Microsoft products and file formats, and you might find it coming out on other platforms, showing up anywhere," he said.
Richards said he expects to see more break-ins, not just at Microsoft but also at any company that buys into the Microsoft .Net platform, in which software becomes an Internet-based service.