January 05, 2001, 1:13 PM — Bashing Microsoft Corp. may be popular sport on some issues, but the internal security breach that the company disclosed late last month has some corporate information technology users waxing sympathetic.
Several users last week said the incident -- in which a malicious attacker gained access to certain parts of Microsoft's corporate network and was able to view the source code for an unspecified future product -- did nothing to change their perceptions or opinions of the software maker or its products. They also said it won't affect their purchasing decisions.
"I don't think any less of them," said Jeffrey Ratner, director of IT engineering at Phoenix Home Life Mutual Insurance Co. in Hartford, Conn. "I know how things go. I feel bad for them."
Security breaches have become so routine that "after a little while, you stop noticing," said Rick Waugh, a project manager at Telus Corp. in Burnaby, British Columbia.
Illustrating his point, Microsoft last Friday confirmed that another hacker had managed to penetrate at least one of its Web servers after the company's security staff apparently failed to completely apply a patch that's supposed to plug a hole in Microsoft's Internet Information Server software.
But Cathy Hotka, vice president of information technology at the National Retail Federation in Washington, noted that Microsoft isn't alone in being at risk of attacks by miscreant hackers. "Security is a moving target, and if they can be hit, we can all be hit," she said.
"These things will be happening all the time. It's just the nature of technology," said Richard Viard, co-founder and senior vice president of research and development at SmarterKids.com Inc. in Needham, Mass. "There will always be somebody to outsmart you."
A security breach at one of the world's largest and most powerful technology companies didn't make Viard feel any more vulnerable than he already did, he said. "We've always been paranoid about this stuff," he said. "You can be very prepared, but you can never be impenetrable."
Much of the sympathetic response from IT professionals stemmed from their intimate knowledge of the struggle every company faces when trying to secure its own network.
"We understand exactly how difficult it is to avoid being hacked in multiple layers," said one IT executive at a large financial service provider. "We have hacking attempts every day, [although], I'm sure, less than Microsoft. There are lots of people trying all the time."
Sometimes attackers get through one layer of the company's defenses, "but that's about it," continued the executive, who asked not to be identified.