Today, it was announced that the Redmond company had sent out a version of its IIS 4.0 server with a backdoor.
At the height of its war with Netscape, Microsoft engineers included a secret backdoor password using the phrase
Netscape engineers are weenies!
into a version of IIS. As a result, anyone writing a script that would access the dvwssr.dll file, which is used for Windows 98 extensions, in IIS could open access to Web site management files and possibly credit card information and user passwords.
This is highly irresponsible on the part of Microsoft engineers and should be condemned, especially since Microsoft is trying to push its IIS platform as the way to serve pages on the Internet. Thousands of companies have bought into the Microsoft line and are using the server for both intranets and Internet sites, and one can foresee a potential class action lawsuit against the company following this incident.
While Microsoft announced that it would find the guilty parties and fire them, it tried to downplay the potential effects of that security hole. Interestingly, however, most of the web hosting providers have turned on the FrontPage 98 extensions that are at fault. In other words, Microsoft either doesn’t know what it’s talking about or is lying about the threat. Either way, it doesn’t look good for the company.
This could also add fuel to the fire that is the DOJ antitrust lawsuit.
The words about Netscape are going to hurt it more. It may have been seen as a funny prank at the time but has the potential of being a bigger problem for the company.
One can expect Microsoft to use this as a way to push upgrades to Windows 2000, but Microsoft’s change of license on Windows 2000 makes this an unlikely route for some of the smaller players. (Windows 2000 requires buying an extra $2000 license for serving web pages, on top of paying the premium that was already customary for the server.)
Either way it tries to play this, Microsoft looks like it’s going to lose more customers to Linux, which is not only free but also appears to be more secure.
Interestingly enough, this event could also be another argument in favor of open source software. In the open source software environment, a trick like that would have been quickly eliminated.
Will Microsoft open-source Windows NT? Highly unlikely, but when it comes to something like IIS, it could be a way for them to rein in their own developers and increase market share in the web server business. As Microsoft is in the business of selling operating systems, it might want to consider this course of action. The open sourcing of IIS would not affect its profit line (IIS is given away for free by the company already) and might ensure Microsoft creates a stronger product that could better compete with Apache, currently the market leader and an open sourced package itself.
How would this work? Look at Mozilla as a potential example of how Microsoft could go about it.
First, make the source code available to anyone. Then take in comments and changes and incorporate them into a package. Create a supported version (i.e., the official IIS version) and allow other developers to create variants of it.
The bottom line: in this scenario, Microsoft would retain and probably increase its market share in a market it covets: mid- to high-range web servers. Furthermore, it would do so by opening up a dialogue with the Internet development community, thereby restoring some of its lost luster.