Windows Azure and Zero-Day Flaws

My brain is trying to wrap itself around two of today’s news items.

The first is by SD Times reporter David Worthington, reporting from the Microsoft Professional Development Conference. His story, “Azure shines over Microsoft PDC,” covered the announcement on Windows Azure, now set to ship on Jan. 1, 2010. Windows Azure represents Microsoft’s extension of Windows into the Cloud, which means that more and more companies will be outsourcing their enterprise applications and data beyond their own data centers.

The second story was in Computer Reseller News. In “Microsoft Warns on Windows 7 Zero Day,” Kevin McLaughlin wrote about advisories on both Windows 7 and Windows Server 2008 R2. Microsoft says that there’s a vulnerability in the Server Message Block protocol stack, and a detailed exploit code has already been published.

I don’t know about you, but given the continuous stream of Patch Tuesday fixes that we’re seeing on product after product, I’m not sure that Windows is ready for the Cloud. Windows Vista, remember, was marketed as the most secure version of Windows ever. After years of complaints by customers, Windows 7 debuted to be the most secure version of Windows ever. And yet, Microsoft can’t seem to stamp out the security issues.

It should be enough to give the industry pause.

Alas, Apple – often worshipped as the anti-Microsoft – has its troubles too. Apple’s Mac OS X 10.6 “Snow Leopard,” which came out in August, was downplayed as a mere tuneup of the previous Leopard operating system release. Yet Snow Leopard has also been plagued by bugs and security glitches.

On Nov 9, Apple released its second major update to Snow Leopard, which addressed major flaws and security issues. It also published Security Update 2009-06 for Leopard, the company’s sixth big security patch of the year.

Can’t anyone get this right?