Why Do I Have To Patch Windows - Shouldn't It Have Been Made Secure with Windows 3.0?
Recently I was asked this question: "Why do we have to patch Windows all the time? Couldn't Microsoft have built a secure OS from day 1 for Windows 3.0, Windows 95 or any of the other OS's so it doesn’t have to be patched?" I was quite surprised at the question, as I know the answer and had never thought that others might not. There are probably many people out there who are asking the same question, so I will start by introducing you to what makes the objects, browsers, pictures, etc. that you see with Windows every time you turn on your computer. I will also explain why we need patches for all the software we use.
All computer programs are built using a 'computer language'. There are many computer languages with different applications, and more being developed all the time. The original languages had names like 'Pascal' and 'Cobol' and were used to develop different types of software programs. Then came 'object oriented' programming, with 'C' being the most popular at the time, for building graphical programs. Using an early form of ‘C’, 'Windows' was born. Today there are hundreds to thousands of programming languages, all used for different types of programs. Some of the old languages are now obsolete, but others like 'Pascal' are still used for specific types of applications.
If you've ever used Notepad to open a file that is not a text file, and seen a lot of squiggles, boxes, symbols, letters and numbers, then you have seen what a programming language looks like. Each language interprets the squiggles, boxes, letters, numbers and symbols differently, just as spoken and written languages have different meanings: for example, the differences between English and Hebrew, Russian, Arabic and Chinese. Computer languages evolve just as spoken languages do. In spoken language, slang words become common-use words, phrases have different meanings to different people, and the spelling of common words in the same language is often different from one country to another. The same thing occurs in computer languages to improve software, or make it easier to use.
The first Windows was Windows 3.0, an extension of DOS. Most people have heard about DOS, but many have never seen it. Windows 3.0 provided a graphical image, but DOS was text oriented. As Windows, the Operating System (OS), evolved to Windows 95, 98, 98SE, ME, XP and now Vista, the languages that built the different versions of the Windows OS changed and evolved as well.
Whether it is an Operating System or software program, the programmer uses a current computer language appropriate to the software he wants to design. However, to improve his final product, the programmer will often make changes to the computer language itself, and in this way, the computer language evolves. Similarly, when a programmer designs a new game, they change and adapt the language to create an improved or unique product.
Over the years, computer languages have evolved and changed to meet the needs of the marketplace. As new computer hardware was produced, bigger and better programs were able to run on each new design. As the hardware improved, the driver software to run the hardware had to change.
If you compare the changes in computer languages to the evolution of the English language since the 16th or 17th centuries, even changes to the spelling and use of certain common words in different countries (the word “colour” in Commonwealth countries vs. “color” in the US), you can see some of the reasons why patches are a necessary part of computer use. Computer languages have had similar changes, leaving the interpretation of the language to the programmer.
Windows 3.0 was built for 'Ease of Use' compared to DOS. Pictures/graphics were the way to involve even the most illiterate computer user before many had a home computer. The public demanded more detailed graphics, so each new version of Windows became larger because more graphics/pictures take more room on a hard drive. Then the demand was for better hardware to store and run the larger and more graphic software. It became, and still is, a competition between the software designers and the hardware manufacturers to meet supply and demand. In the early years, little thought was given to Security because the Internet explosion had not started and the criminal profiteers had not yet found how lucrative they could make the Internet.
In the last few years, Security has become an issue and is still a growing concern. In the days of Windows 3.0 and 95 there was little mention of adware, spyware, malware and other intrusions onto an individual's computer, but viruses and trojans were becoming an issue. Third-party Anti-virus programs for the OS were designed and recommended for everyone, but viruses and trojans seemed to be more a problem of the business world as home computing was just starting.
The explosion of people buying home computers and connecting to the Internet started, and along with it came the 'bad guys', for fun and profit. By the time this became public knowledge, Windows 98 was the OS of choice for many. The proliferation of Adware, Spyware, and Malware started to affect the home user. 'Holes' or ‘vulnerabilities’ were being found in Internet Explorer, Outlook, Outlook Express and the OS, Windows 98.
Then the criminal element realized that they could make use of these holes, and were able to get information from a person's computer to use for their own gain. Patches were created by Microsoft for the user to download so that the holes could be closed, protecting the user from the bugs. As time passed, more vulnerabilities and holes were found and exploited by the bad guys. It became a contest between Microsoft and the bad guys to prevent the user from being attacked by the malware writers.
The really nasty malware started appearing, with theft of identity often the target. These criminal industries are growing very rapidly and the legitimate software programmers are now attempting to build security into the programming language they use. This is not as easy as it sounds, because new malware appears faster than computer programming languages evolve, giving the 'bad guys' more targets. Unless and until these security holes are known, there is no way to build security into a new OS or program. Hindsight is often the only way our software programs become secure.
Security has become a major focus for most software developers, especially for those designing a new OS. The public is now demanding that the developers try to prevent Hijacks, Spyware, Adware, Malware and in the last few years Identity Theft. Some of those vulnerabilities come from third-party software programmers that do not care about security when they design their software.
The question I was asked, "Why do we have to patch Windows all the time? Couldn't Microsoft have built a secure OS from day 1 for Windows 3.0, Windows 95 or any other OS so it doesn’t have to be patched?", should have some answers now. Those who think that Microsoft should have been able to build Windows securely years ago, to prevent today's criminals from using computers for their evil, should look at the difference in size and complexity of the software used today as opposed to the software back in the late 80’s and early 90’s. The computer language that Windows 3.0 was designed in has evolved many times over, the number of home computers has exploded, and computer crime was not even contemplated back then.
To me this question was similar to asking why the cars back in the 1920's didn't have air conditioning or why any new car sold today isn't without any flaws. Taking into account the fact that the languages have changed and evolved over the years, from very small and simple programs or OS to very large complicated programs today, it becomes clearer why any software written years ago was not built securely enough to prevent the attacks we see today.