Chapter 2/ Overview of Anti-Forensics
vulnerabilities as any other software vendor (Oracle was in second place with
13 Linpatched holes). Supposedly Microsoft considered the problems to be of
low severity (e.g., denial of service on desktop platforms) and opted to focus
on more critical issues.
According to the X-Force 2009 Trend and Risk Report released by IBM in
February 2010, Microsoft led the pack in both 2008 and 2009 with respect to
the number of critical and high operating system vulnerabilities. These vul¬
nerabilities are the severe ones, flaws in implementation that most often lead
to complete system compromise.
One way indirectly to infer the organizational girth of Microsoft is to look
at the size of the Windov�s code base. More code means larger development
teams. Larger development teams require additional bureaucratic infrastruc¬
ture and management support (sec Table 2.2).
Looking at Table 2.2, you can see how the lines of code spiral ever upward.
Part of this is due to Microsoft's mandate for backwards compatibility.
Every time a new version is released, it carries requirements from the past
with it. Thus, each successive release is necessarily more elaborate than
the last. Complexity, the mortal enemy of every software engineer, gains
inertia.
Microsoft has begun to feel the pressure. In the summer of 2004, the whiz
kids in Redmond threw in the towel and restarted the Longhorn project (now
Windows Server 2008), nixing 2 years worth of work in the process. What this
trend guarantees is that exploits will continue to crop up in Windows for quite
some time. In this sense, Microsoft may very well be its own worst enemy.
Table 2.2 Windows Lines of Code
Version
Lines of Code
Reference
NT 3.1
6 million
"The Long and Winding Windows NT Road," Business¬
Week, February 22,1999
2000
35 million
Michael Martinez, "At Long Last Windows 2000 Operating
System to Ship in February," Associated Press, December
15,1999
XP
45 million
Aiex Saikever, "Windows XP: A Firewall for All," Business¬
Week, �une 12, 20D1
Vista
50 million
Lohr and Markoff, "Windows Is So Slow, but Why?" New
York Tin)es, March 27, 2006