4 min read

Microsoft: The Security Problem And The Solution?

As Microsoft takes aim at the anti-virus/anti-spyware business, it's probably worth pointing out yet again: Is this the company you really want to trust to get you out of the virus/spyware mess? After all, it was Microsoft that got you in.
Somebody had to say it, and the Gartner Group's Neil MacDonald, bless him, did: "Microsoft's overriding goal should be to eliminate the need for [anti-virus] and [anti-spyware] products, not simply to enter the market with look-alike products at lower prices."

MacDonald's comments came after Microsoft Chairman Bill Gates gave a speech at the RSA Security Conference last week. Gates announced that Microsoft's anti-spyware tool would remain a free download, and it would bring out a new, presumably more secure Internet Explorer Version 7.0 for Windows XP this summer.

Apparently MacDonald and I agree that this is an open admission by Microsoft that it's made a mess it isn't technically competent to clean up.

What Microsoft's customers need (and deserve, and thought they were paying for) are operating systems and applications that are solutions, not problems. As InformationWeek's John Foley pointed out recently Gates got the "trustworthy computing" religion three years ago, but Microsoft still isn't demonstrating that it's learning anything: the company addressed 17 security issues a couple of weeks ago. More than half of them were vulnerabilities in its newest, supposedly most secure operating system, Windows XP Service Pack 2.

MacDonald said of the speech-making, "Microsoft has missed an opportunity to clarify its strategy for the security market and articulate whether it plans to be a leader in consumer and enterprise security solutions."

I'm from Indiana. I'd put it a little more plainly: Microsoft missed an opportunity to show that it cares more about its customers than it does about their wallets. It went for the wallets again.

What Microsoft showed was that when being wimpy will make it more profits than showing some character, it will be totally helpless. Microsoft needs to stop whining about intellectual property rights and start taking some responsibility. I'd make three specific suggestions:

    One. Last summer Microsoft sabotaged the effort to build a "Sender ID" anti-spam solution when it insisted on dictating the terms for licensing patents it holds that were incompatible with the Internet Engineering Task Force's approach to open standards. It should make a donation of a few million dollars to the IETF to restart the effort, and make whatever intellectual property was in dispute available under the terms of the GPL. It may or may not produce a solution to spam, but accepting the GPL would be a character-building exercise for Microsoft.

    Two. Microsoft should remove its free anti-spyware download from its Web site and announce that it will not develop and market anti-virus and anti-spyware products. Instead, it should dedicate significant resources to transferring its existing work in these areas to established vendors of such products and supporting them with greater access to Microsoft expertise and code. If it does anything less it will continue to give the appearance of fostering a problem in order to sell a solution.

    Three. It should develop new versions of Internet Explorer not only for Windows XP, but for Windows 2000 (which is, after all, still the preferred desktop OS of many of its best customers), and for Windows 98/ME, which are still in use on millions of computers connected to the Internet. Microsoft, through marketing practices found to be illegal, is responsible for the current state of the computing community as a monoculture. How many viruses would there be if it took 10 at once rather than just one wimpy Outlook exploit to cause enough damage to make the nightly news? Microsoft's business practices are the reason hackers are costing your company so much money. Cleaning up the messes you make is part of being an adult. Microsoft needs to act more like an adult.

One of the exhilarating things about the open software movement is that it has firmly established the idea that we're all part of a community. As members of the computing community we have value, and that value isn't all just about money. It's about doing something well and taking pride in it, about making contributions and receiving help. Microsoft could join that community. If it wants to.