Microsoft's security complex

Microsoft's security complex

Summary: Microsoft's security strategy is hard to understand. This may be because it doesn't exist

TOPICS: IT Employment

Microsoft's new-found devotion to security hasn't been doing too well. Malware of all kinds flourishes, patches are issued in considerable numbers -- eleven so far this month -- and far from reaping a peace dividend from more secure, easier to maintain software the company has been out buying anti-virus and anti-spyware vendors. Why has Microsoft's multi-billion dollar research division not come up with a way to protect the company's own vulnerable software?

It may be panic. The rumour from within Microsoft is that the latest acquisitions came about because Bill Gates found spyware on his own PC and 'freaked'. An engaging vision, but not really the stuff of corporate strategy. Nonetheless, this explains Microsoft's actions as well as anything -- and if the company has a long-term strategy and roadmap for improving security, it's not sharing them with anyone.

There are concerns that if Microsoft gives away all its anti-malware tools, this will distort the market and be unfair on competitors. But if Microsoft ever produced properly secure operating system and applications, the Symantecs of this world would wither away and not be missed. The employment of the doctor does not take precedence over the health of the patient. All people want are computers that work and data that is safe.

To that end, Microsoft must be more open about its methodologies and principles for producing secure software. It can even lead the industry by encouraging informed debate in this area, and adopting open, audited design processes that concentrate on safety first. No airliner can be built without rigorous safety checks at all stages of the design and testing, no food factory is exempt from inspection. Something of that attitude must become part of the software industry in general and Microsoft in particular.

We can help by refusing to buy software that can't be shown to have been designed well -- what other industry is so secretive about aspects of such fundamental importance? Governments and regulators can help by the forced open-sourcing of any portion of software sold to the public and subsequently found to be insecure. Shrinkwrap licences that offer reparation for security breaches caused by failures in the software would also concentrate the designers' minds. Draconian measures surely, and offered partly tongue-in-cheek, but what is the alternative?

Microsoft has failed to live up to its own promises. It cannot complain if others now fix the problems so created.

Topic: IT Employment

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • The solution is to go buy an Apple Mac OS X computer and then get back to work being productive. I can not believe people put up with this virus and spyware each and everyday. Ask a Mac owner how many virus and security problems they have had over the last year and see if you do not want to join the productive few. Even Microsoft Office (Word, Excel, and Powerpoint) run better on a Mac.

    Find out why you should switch here:

    Find all the software you need at the following links:

    -- kirk
  • Yea sure by a mac and pay thru the nose for everything i dont think so any how if OS-x is so darn brilliant why do so many mac users can it and install Linux the correct way to go .. of course..
  • Excellent suggestion - get more people using weather-proof clothing (and/or some bastardised version of ***X), so that the malware creators divert their attentions away from Microsoft products

    I.E. wake up to the fact that MAC & ****X are in technical terms just as vulnerable to malware - it is merely their negligible proportion of the desktop market that "protects" them becayuse "it aint fun if nobody uses it"
  • I think that if you buy a Mac - you end up with a secure and relatively virus free environment, and I don't care if that's because it's not much fun for the virus enthusiasts - it still menas not many virus's and that's gotta be good.

    I bought mine through [] as I live in UK and it's been as stable as I'd hoped.