Microsoft told to take some virus blame

One-third of business users blame Microsoft for the recent worm outbreak, despite the company's security efforts, according to a poll.

Thirty-five per cent of respondents to an informal web survey of customers by security company Sophos said the software maker was ultimately at fault for the recent rash of worms spawned by variants of Zotob. In the poll results, released on Thursday, 45 per cent placed the blame squarely on the virus writers, while 20 per cent laid blame on their systems administrators for not patching systems fast enough.

Graham Cluley, Sophos senior technology consultant, said in a statement: "The majority of users believe that the virus writer has to take the ultimate blame for deliberately creating and unleashing this worm to wreak havoc on poorly protected business. But what is most surprising is that so many people blame Microsoft for having the software flaw in the first place."

Microsoft is not alone. Companies are increasingly calling on software developers to improve their security battle-testing of products before release.

A Microsoft representative said on Thursday: "No software is 100 per cent secure, and this is collectively being felt by the industry. Over the last year, Microsoft has made improvements with security."

The software giant, for example, has launched its Security Development Lifecycle, the representative said. The move modified Microsoft's software development process to improve the way it integrates security best practices from the start.

Microsoft has also seen security improvements with its Windows XP operating system and the Service Pack 2 update, analysts said.

In the most recent worm outbreak, malicious attackers began circulating variants of Zotob and other viruses that exploit a plug-and-play feature in some Windows versions. The onslaught came shortly after Microsoft's regular monthly patch release, which included a fix for the problem. The flaw allows remote attack in Windows 2000 and not Windows XP SP2, according to Microsoft.

Cluley said: "Microsoft is stuck between a rock and a hard place when it comes to vulnerabilities. When it goes public about its security holes, a virus can be written to exploit them and many businesses may not have rolled out the patch. If it kept quiet... everyone would ask why Microsoft hadn't warned anyone of the vulnerability."

Dawn Kawamoto writes for CNET News.com