Microsoft recruiting software pirates to fight Firefox?

Microsoft recruiting software pirates to fight Firefox?

Summary: Microsoft is going to let everyone -- even people with an illegal pirate copy of Windows XP -- download IE7 because the software giant really cares about the safety and security of all Internet users. (But don't mention Firefox ...)

SHARE:

Microsoft is going to let everyone -- even people with an illegal pirate copy of Windows XP -- download IE7 because the software giant really cares about the safety and security of all Internet users. (But don't mention Firefox ...)

In January 2005, Microsoft announced that unless users were in possession of a genuine copy of Windows XP they would be blocked from installing software updates or security patches.

At the time, security experts warned Microsoft that the move would result in more unpatched Windows systems and therefore an increased threat from compromised PCs.

In late 2006, the company released Internet Explorer 7 -- a significant improvement on IE6 because of its improved security, better adherence to Web standards and tabbed browsing.

According to a Microsoft spokesperson on Wednesday, Microsoft "feels that the security enhancements to Internet Explorer 7 are significant enough that it should be available as broadly as possible."

"One of the ways that users are infected with malicious software is through browser-based activity on the Web," the spokesperson explained. "Current market information indicates that a sizeable percentage of non-genuine versions of Windows are also some of the highest targeted with malware."

"This malware, once installed on the non-genuine systems, is also then quite often used to undertake broader security threats that impact not only non-genuine users but all users. An example of this malware activity would be botnets," the spokesperson said.

Allowing everyone to use a better, safer browser is obviously a welcome move. However, if Microsoft really wanted to make the Internet a safer place, it would also change the policy that stipulates only WGA-authenticated systems can download security patches.

Currently, only patches labelled "Critical" by the software giant -- which means they fix a flaw that could result in a self-replicating worm -- are available to non-WGA qualified users.

Fixes categorised as "Important" are left open. This means that, for example, non-genuine Windows XP users are still vulnerable to a flaw detailed in Microsoft Security Bulletin MS07-022 that was released on 10 April, 2007.

According to Microsoft, the fix for this flaw is important because without it, an attacker could "take complete control of an affected system ... then install programs; view, change, or delete data; or create new accounts with full user rights".

So it seems Microsoft is saying that the Internet will be a safer place if non-WGA XP users have its latest browser. The fact that these same people have an operating system full of known vulnerabilities doesn't seem to cause the company any concern.

By giving IE7 to non-WGA Windows users, do you think Microsoft is trying to make the Internet safer -- or is this just another way to fight Firefox?

Topics: Piracy, Browser, Microsoft, Security, Windows

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

6 comments
Log in or register to join the discussion
  • What do I think..?

    I think that this has NOTHING to do with "A hard look at the latest developments in IT security with a real world perspective", despite trying to get the 's' word into as many paragraphs as possible.

    Microsoft trumpeted 'security' a major improvement in IE7, fair enough. But why is a blog that's supposed to be about real-world developments in IT security for the enterprise, ZDNET's audience, rehashing last week's story about IE7 being taken off the WGA list and asking if this is Microsoft making the Net safer or just fighting Forefox's growing share of the browser market?

    Come ON, guys. WTF is going on here with all these lame half-arsed efforts? Surely there are dozens of REAL security issues to tackle!
    anonymous
  • Agreed...

    But what else do you expect from Munir?
    anonymous
  • Jesus

    This guy (Munir) is a real joker, damages the credibilty of CNET Networks..
    anonymous
  • I disagree

    The point he raised is that MSFT only addressed "security" where it could also get a leg up competitively. Methinks that same research showed that users of those 'leaky' systems were protecting themselves by installing Firefox.
    anonymous
  • What do I think..?

    Market Share sept 2007:
    Firefox (all versions) - 14.8%
    IE6 - 42.75%
    IE7 - 34.60%

    I dont think market share matters at the moment, so to the comment "or is this just another way to fight Firefox?" - no i dont think so...
    anonymous
  • Microsoft do right thing

    People who use non-genuine version of Windows if they get all the updates as genuine user gets are still at risk. Because Crackers when do cracking then they make some vulnerability into system such as distroy part of Microsoft Malware scan engine. Secondly, just think about cracker most of working with hackers or they are hackers and they do crack and make illegal software to do hacking in future. If you want to have secure network you need to be genuine where as in Microsoft or apple or any other companies
    anonymous