News Analysis: Microsoft sometimes gets a raw deal when it comes to security. The software company is often targeted as the reason why security outbreaks occur. But it's not always Microsoft's fault. Here, eWEEK looks at why Microsoft gets a bad rap when it comes to Windows security. Whenever it comes time to talk about Microsoft, the discussion almost always turns to the company's handling of security. Microsoft's critics say the software giant's programs fail to adequately protect users. They also contend that Microsoft takes far too long to update its software, which makes the trouble last longer. Admittedly, Microsoft's poor software design does sometimes cause major security issues. Windows has been inundated with attacks for years, and Internet Explorer has been a hotbed of malicious activity.

 But that doesn't mean that Microsoft is always to blame. Quite the contrary, there are times when the software giant is totally innocent. In those moments, users might want to point their fingers at third-party software developers. They might also want to look in the mirror. Yes, when it comes to security, users and third-party developers are as much to blame as Microsoft.

 Here's why:

 1. Third-party holes

Third-party applications can cause major outbreaks on a Windows PC. Third-party programs don't always have adequate security protocols in place to ensure that data is kept safe. Worst of all, the apps aren't always updated as often as they should be. That's a problem. Malicious hackers are fully aware that some programs are easier to break into than others, so they attack the easier targets. And no matter what safeguards a user has in place, if a third-party program is wide open, it's trouble.

2. Out-of-date software

Sometimes, third-party applications are patched by a developer. There's just one problem: Users don't always update those programs. We've all been there. We're in the middle of something important and a program we've just opened asks us to update it. Rather than wait for the update and potentially be forced to restart the computer, we put it off for another time. That might seem like the best option in the moment, but it really isn't. If that update was a security fix, we're now putting ourselves at risk for an even longer amount of time than we should. If we don't update our third-party programs, there isn't much Microsoft can do to protect us.

3. Out-of-date antivirus and anti-spyware programs

Running antivirus and anti-spyware programs that aren't fully up-to-date is almost as useless as running nothing at all. As new issues crop up, security vendors are constantly updating their programs to keep user data secure. Unfortunately, those vendors can't force users to actually update their programs. So, a user who opts to wait is once again at risk of being affected by an issue that could be easily avoided with the help of a simple patch. Microsoft should have done a better job of making Windows resistant to viruses and spyware, but it also needs some help from users.

4. Users open attachments that they shouldn't

Microsoft shouldn't be blamed by a user who opened an attachment he or she shouldn't have. Unless a person is expecting an attached file from a known source, opening documents from within an e-mail program is never recommended. For years, malicious hackers have been using e-mail to take advantage of users who seemingly never learned that opening an e-mail attachment from an unknown sender is a bad idea. As much as security vendors and Microsoft have attempted to raise awareness of that issue, users just aren't listening. And when their computers are taken over, it's Microsoft, not themselves, that they blame.

Resource Library:

5. Users surf to sites that they shouldn't

In recent years, companies like Google have helped safeguard users who are surfing to unsafe sites. But that still doesn't stop folks from loading up Internet Explorer, Firefox or any other browser and going to sites that contain malicious files. It also hasn't stopped them from falling victim to phishing attacks on sites that look like a bank Website or credit card page. A tremendous number of people are still browsing sites that wreak havoc on their machines or their lives. Hopefully after being burned once, they will learn a lesson.

6. Where are all the passwords?

Some users make it far too easy for malicious hackers to gain physical access to their computers. Without a password controlling access to a machine, anyone can sit at someone's desk, boot up the PC and start stealing sensitive information. Currently, companies all over the world require users to password-protect their machines, so criminals can't gain access to their data. Why haven't more people applied that lesson to protecting their home PCs? Yes, it might be a pain to type in a password every time the computer awakes from sleeping, but it will also keep sensitive data safe.

7. The passwords are there, but why are they all the same?

Having a password is a great first step, but making passwords to different sites identical, or even making them easy to break, is about as useless as having no password at all. Once again, a desire for convenience might cause some people to use the same passwords for all their various accounts, but it's not doing them any favors. As any malicious hacker will point out, after breaking one password, they will try that same code on all other accounts to see if it works. If it does, they will have access to anything they want. Passwords need to be hard to crack and to vary from site to site.

8. Running in administrator mode

A common mistake some people make while running Windows is to use the computer in administrator mode. It might make using the PC more convenient, but it also gives malicious hackers access to anything they want on the computer. Some security experts say if PC owners run their computers in limited-user mode, they can eliminate many of the security woes that currently plague the average Windows user. For its part, Microsoft could do a better job of informing the public about the dangers of administrator mode. But again, if a user wants to run as an administrator, what can Microsoft really do to stop it?

9. Windows updates work

Windows updates could mean the difference between safety and an outbreak on a user's computer. As annoying as they might be, Windows updates are integral to the safety of a computer. Whenever Microsoft patches its operating system, users should be ready and willing to update Windows as soon as that update is available. If not, they're once again putting themselves at risk simply because they don't feel like fixing security problems in their OS. Microsoft can only recommend that users download a security update and provide patches whenever it can. What users decide to do after that is up to them.

10. Education

It's easy to blame Microsoft for the security woes users face, but sometimes, users need to realize that education could easily help them avoid many of the problems that plague them on a daily basis. With better security education, the Web would be safer, thanks to fewer people clicking over to malicious sites. E-mail attachments would be less worrisome, since users would know how to handle them. With better education, there would undoubtedly be less outbreaks, which would mean a safer PC environment for everyone.

 Microsoft is certainly not innocent in any of the security woes affecting Windows or its other software. But it's not always to blame. And it's important to remember that.