Microsoft seems well on the way to breaking last year's record for the number of security patches issued. The 2000 total managed to run into three figures, and it seems highly likely that 2001's total will be at least as high.
If you look back through the last couple of hundred Windows security patches, a large number of them have something in common. They are cures for something called an 'unchecked buffer' in various key programs and dynamic link libraries.
An unchecked buffer is, believe it or not, precisely what the name implies. If a programmer allocates, say, 50 bytes of storage to hold someone's name, it's essential to check that the user doesn't type in 56 characters (in C, even 50 is too many, because the byte that marks the end of the string needs a home as well).
If that check is missing, the extra characters overflow the allocated space and overwrite whatever sits next to it in memory: other variables, or, when the buffer lives on the stack, the saved return address that tells the processor where to carry on when the current routine finishes.
By carefully choosing those extra bytes, an attacker can point that return address at instructions of his own, supplied as part of the same input, and the program will obediently run them. That is how an overlong name becomes a way of taking control of the machine.
You may think that unchecked buffers are a relatively new phenomenon and difficult to prevent, but they're not. I started writing about them almost 20 years ago. So why does a company with the programming expertise of Microsoft seem unable to detect them before releasing code?
Trivial pursuits
Preventing buffer overflows is, in principle, pretty trivial. Programmers need to compare the length of every input against the size of the storage it is going into, and reject or truncate anything that does not fit. Just as importantly, the library routines supplied with compilers should take the size of the destination as a parameter and refuse to write past it, instead of copying until they happen to find the end of the input. Compilers can also insert run-time checks so that an overflow which slips through halts the program with an error rather than allowing the corrupted code to continue running; no compiler can catch at compile time a length that only becomes known when the user types.
It saddens me that a problem which affected the very earliest Unix and MS-DOS programs is still resulting in patches for Windows 2000.
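To make the overflow described above concrete, here is a small C program added for this article; it is not Microsoft code and not taken from any patch. It places the column's 50-byte name buffer next to another variable inside a 64-byte region the program owns, copies a 56-character name into it with an unchecked strcpy, and reads back the neighbour to show it has been overwritten; beside it is the checked copy that rejects the same input. The frame layout, the offsets and the neighbouring variable are constructed for the illustration (a real attack targets the saved return address, which this example deliberately stays away from so that it runs safely).

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Layout of the illustrative frame (constructed for this example, not taken
 * from any real program): a 50-byte name buffer, 2 bytes of padding, then a
 * 4-byte neighbouring variable, all inside a 64-byte region so that the
 * demonstration itself never writes outside memory it owns. */
#define NAME_LEN     50
#define NEIGHBOUR_AT 52
#define FRAME_LEN    64

/* Unchecked copy: strcpy has no idea how big dest is, so it keeps writing
 * until it finds the terminating NUL of the input. This is the bug pattern
 * behind the "unchecked buffer" patches. */
static void copy_name_unchecked(char *dest, const char *input)
{
    strcpy(dest, input);
}

/* Checked copy: refuse anything that would not fit, terminator included. */
static int copy_name_checked(char *dest, size_t dest_size, const char *input)
{
    size_t len = strlen(input);
    if (len >= dest_size)
        return -1;                    /* reject instead of overflowing */
    memcpy(dest, input, len + 1);
    return 0;
}

/* Build a name of n 'A' characters (the column's "56 characters"). */
static void make_name(char *buf, size_t n)
{
    memset(buf, 'A', n);
    buf[n] = '\0';
}

/* Copy an n-character name into the frame with the unchecked routine and
 * return what the neighbouring variable holds afterwards. It starts at 1;
 * a name that fits leaves it at 1, a 56-character name replaces all four
 * of its bytes with 'A' (0x41414141). */
uint32_t demo_unchecked(size_t n)
{
    char frame[FRAME_LEN];
    char name[FRAME_LEN];
    uint32_t neighbour = 1;

    if (n > FRAME_LEN - 1)            /* keep the demo inside memory we own */
        n = FRAME_LEN - 1;
    make_name(name, n);
    memset(frame, 0, sizeof frame);
    memcpy(frame + NEIGHBOUR_AT, &neighbour, sizeof neighbour);

    copy_name_unchecked(frame, name); /* spills past offset 49 when n > 49 */

    memcpy(&neighbour, frame + NEIGHBOUR_AT, sizeof neighbour);
    return neighbour;
}

/* Same input through the checked routine: 0 if it fitted, -1 if rejected. */
int demo_checked(size_t n)
{
    char frame[FRAME_LEN];
    char name[FRAME_LEN];

    if (n > FRAME_LEN - 1)
        n = FRAME_LEN - 1;
    make_name(name, n);
    return copy_name_checked(frame, NAME_LEN, name);
}

int main(void)
{
    printf("unchecked, 49 chars: neighbour = 0x%08x\n", demo_unchecked(49));
    printf("unchecked, 56 chars: neighbour = 0x%08x\n", demo_unchecked(56));
    printf("checked,   49 chars: result    = %d\n", demo_checked(49));
    printf("checked,   56 chars: result    = %d\n", demo_checked(56));
    return 0;
}
```

Note that the checked version already refuses a 50-character name: a 50-byte C buffer holds at most 49 characters plus the terminator. Compiler options that insert run-time stack checks catch an overwrite like this after the fact and stop the program; the explicit size comparison is what stops it happening at all.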
Microsoft always used to declare at the top of every security patch it issued that the company "takes security very seriously indeed". That phrase is no longer included. Perhaps we can draw our own conclusions as to why it was removed.
Meanwhile, hackers have been at work on Microsoft's product activation system. This is the feature in Windows XP and Office XP that requires users to activate their software with Microsoft before it will keep working.
You supply Microsoft with the serial number (product key) of your product together with a code generated on your PC, and you are given, either by internet connection or telephone, a unique ID number that the software requires before it will continue to function.
That code is calculated from information about the hardware of the PC on which the software is installed. If you subsequently try to activate the software again and the hardware information no longer matches what was recorded the first time, Microsoft reserves the right to treat the installation as a second PC, accuse you of piracy and deny you an ID number.
Until recently, the hardware characteristics examined by Microsoft Product Activation were a closely guarded secret. It was, of course, only a matter of time before someone decoded them.
Details can be found at www.licenturion.com. Those behind the site have decided to stop short of divulging sufficient information to allow pirates to bypass the activation procedure, but they go into great detail about how the scheme works, and which information about the user's PC is gathered.
My thanks go out to these people for releasing information which Microsoft should never have kept secret in the first place.
Anyone involved in installing and maintaining software needs to know in advance which bits of hardware can be upgraded or repaired without the software deciding it is on a different PC and demanding re-activation. That information is finally public.
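As an illustration of the matching step described above, the following C program is added here; it is not Microsoft's scheme, and the actual components examined, the width of each field and the number of changes tolerated are not given in this article. It derives a fingerprint from a set of component identifiers, counts how many differ between activation time and now, and allows or refuses re-activation against a tolerance. The six component names, the FNV-1a hash, the tolerance and the sample identifiers are all assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical hardware fingerprint, for illustration only. The components
 * Microsoft actually examines, the width of each field and the number of
 * changes it tolerates are not given in the article; the six components,
 * the hash and the tolerance used here are assumed. */
#define COMPONENT_COUNT 6

static const char *const COMPONENT_NAMES[COMPONENT_COUNT] = {
    "volume serial", "network adapter", "cpu", "ram", "disk", "graphics"
};

typedef struct {
    uint32_t field[COMPONENT_COUNT];   /* one hashed value per component */
} hw_fingerprint;

/* 32-bit FNV-1a, a small well-known non-cryptographic hash. Reducing each
 * raw identifier to a fixed-width field lets the PC report a fingerprint
 * without sending the identifiers themselves. */
static uint32_t fnv1a32(const char *s)
{
    uint32_t h = 0x811c9dc5u;
    for (; *s != '\0'; s++) {
        h ^= (unsigned char)*s;
        h *= 0x01000193u;
    }
    return h;
}

hw_fingerprint fingerprint_from(const char *const ids[COMPONENT_COUNT])
{
    hw_fingerprint fp;
    for (int i = 0; i < COMPONENT_COUNT; i++)
        fp.field[i] = fnv1a32(ids[i]);
    return fp;
}

/* How many components differ between the fingerprint recorded at
 * activation time and the one computed on the PC now. */
int changed_components(const hw_fingerprint *stored, const hw_fingerprint *now)
{
    int changed = 0;
    for (int i = 0; i < COMPONENT_COUNT; i++)
        if (stored->field[i] != now->field[i])
            changed++;
    return changed;
}

/* Policy: it is still "the same PC" while at most max_changes components
 * differ; beyond that re-activation is refused. */
int reactivation_allowed(const hw_fingerprint *stored,
                         const hw_fingerprint *now, int max_changes)
{
    return changed_components(stored, now) <= max_changes;
}

/* Constructed sample identifiers (not real hardware). */
static const char *const AT_INSTALL[COMPONENT_COUNT] = {
    "VOL-1A2B3C4D", "00:11:22:33:44:55", "cpu-family-6",
    "ram-256mb", "disk-ST340", "gfx-vendor-a"
};
/* Same machine after a RAM and disk upgrade: two components changed. */
static const char *const AFTER_UPGRADE[COMPONENT_COUNT] = {
    "VOL-1A2B3C4D", "00:11:22:33:44:55", "cpu-family-6",
    "ram-512mb", "disk-WD800", "gfx-vendor-a"
};
/* A new machine with only the graphics card carried over: five changed. */
static const char *const NEW_MACHINE[COMPONENT_COUNT] = {
    "VOL-9F8E7D6C", "66:77:88:99:aa:bb", "cpu-family-15",
    "ram-512mb", "disk-WD1200", "gfx-vendor-a"
};

/* Scenario helpers: 1 = re-activation allowed at this tolerance, 0 = refused. */
int upgrade_allowed(int max_changes)
{
    hw_fingerprint a = fingerprint_from(AT_INSTALL);
    hw_fingerprint b = fingerprint_from(AFTER_UPGRADE);
    return reactivation_allowed(&a, &b, max_changes);
}

int new_machine_allowed(int max_changes)
{
    hw_fingerprint a = fingerprint_from(AT_INSTALL);
    hw_fingerprint b = fingerprint_from(NEW_MACHINE);
    return reactivation_allowed(&a, &b, max_changes);
}

int main(void)
{
    hw_fingerprint a = fingerprint_from(AT_INSTALL);
    hw_fingerprint b = fingerprint_from(AFTER_UPGRADE);
    for (int i = 0; i < COMPONENT_COUNT; i++)
        if (a.field[i] != b.field[i])
            printf("changed: %s\n", COMPONENT_NAMES[i]);
    printf("upgrade allowed (tolerance 3):     %d\n", upgrade_allowed(3));
    printf("new machine allowed (tolerance 3): %d\n", new_machine_allowed(3));
    return 0;
}
```

What an administrator wants from a write-up such as the one at www.licenturion.com is precisely the real-world equivalent of COMPONENT_NAMES and max_changes: together they say which upgrades a machine can take before it is treated as a new PC.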
Security through obscurity never works, especially when it's done by an organisation as huge as Microsoft. It should have known better, and protected its software with a totally different scheme. It has only itself to blame.