3 of 11Image
Throughout the 1990s, Windows users already had been targeted by a multitude of viruses, many of which attached themselves to Microsoft Office documents. By 2001, the concept of a worm that could spread over networks was already well known.
Wisely, the designers of Windows XP included a firewall to protect users from network-based attacks. And then, in one of the great mysteries of our time, they decided to ship XP with Internet Connection Firewall turned off.
You can imagine what happened next. I remember it vividly. On August 11, 2003, Windows XP computers worldwide began shutting down. When restarted, they displayed this error message and went into an endless reboot loop.
That was the Blaster worm at work. Microsoft issued a rare (at that time) and extremely detailed security bulletin describing the symptoms and cleanup steps:
On August 11, 2003, Microsoft began investigating a worm that was reported by Microsoft Product Support Services (PSS). ... Generally known as "Blaster," this new worm exploits the vulnerability that was addressed by Microsoft Security Bulletin MS03-026 (823980) to spread itself over networks by using open Remote Procedure Call (RPC) ports on computers that are running any of the products that are listed at the beginning of this article.
The Blaster worm, along with the previous year's Code Red attacks, were aimed at code that was written before Microsoft got serious about security.
Months after XP shipped, in January 2002, Bill Gates wrote his now-famous Trustworthy Computing memo, which included this across-the-board order:
In the past, we've made our software and services more compelling for users by adding new features and functionality, and by making our platform richly extensible. We've done a terrific job at that, but all those great features won't matter unless customers trust our software.
So now, when we face a choice between adding features and resolving security issues, we need to choose security. Our products should emphasize security right out of the box, and we must constantly refine and improve that security as threats evolve.
The memo was met with scorn in some quarters. Wired characterized it as "no more than a public relations stunt" and CNET talked to a security expert who called it "a PR blitz, pure and simple." But the memo turned out to be a genuine catalyst, kicking off a retraining and reengineering effort that wasn't fully engaged until the end of 2004 and didn't begin to bear fruit for several more years.
In fact, one could argue that the emphasis on security caused some overreaction. (See UAC, a few years later.)
For years, Microsoft user interface designers labored under the notion that Windows users wanted a friendly assistant to help them perform ordinary tasks. Clippy, the chirpy, googly-eyed paper clip that debuted in Office 97, became the stuff of endless parodies: “It looks like you’re writing a ransom note. Would you like some help with that?”
Windows XP had its own set of cringingly cute cartoon characters in the form of Search Assistants: Rover the dog, Merlin the Wizard, and a pair of other forgettable characters.
The worst part of the XP search experience was the set of tricks and corny punch lines each character would deliver as it made you go through extra steps to find files.
Eventually, someone in Redmond came to their senses and canned the characters in favor of a simple, fast search add-on. Not coincidentally, that happened after Google delivered a simple, fast search add-on for Windows.
Thank goodness for competition!
At the dawn of the commercial Internet, in the mid-1990s, Netscape represented an existential threat to Microsoft. Microsoft, which had not yet been reined in by the U.S. Department of Justice, responded aggressively to the dominance of Netscape Navigator, introducing Internet Explorer 1.0 at the same time as Windows 95 and revising it at a breakneck clip for the next six years.
Netscape could not compete, eventually selling itself to AOL in 1998. By the time XP launched in 2001, IE's market share was in monopoly territory, hovering around 90%.
Windows XP shipped with Internet Explorer 6, which was full of then-revolutionary ideas. This press release from 2001 almost sounds like a parody in retrospect. Seriously, "unparalleled support for industry standards"?
Internet Explorer 6 features a new visual design as well as innovative browser capabilities, including enhanced Explorer Bars, integrated instant messaging, media playback and automatic picture resizing, as well as improved privacy for personal information on the Web and unparalleled support for Internet industry standards. In addition to being easier to customize and deploy, Internet Explorer 6 is a feature-rich platform for building Web-based applications and developing compelling content for users.
And then, with victory assured, Microsoft decided to stop shipping new revisions of Internet Explorer. Part of the blame goes to the all-hands-on-deck focus on security, which stopped development of many Microsoft products as coders were sent for mandatory security training. But whatever the reason, it opened the door for a competitor.
Ironically, that competitor turned out to be built on the old Netscape code base, which had been open-sourced by AOL in 1998. It was originally called Phoenix (risen from the ashes of Netscape, get it?) and by the end of 2004 it had been renamed Firefox and had nearly a 4% share of all browser usage. As Microsoft continued to ignore IE and and security issues with the browser got worse, Firefox became increasingly popular.
Microsoft belatedly resumed development of Internet Explorer, shipping IE7 with Windows Vista in late 2006. A vastly improved IE8 shipped in 2009 with Windows 7. But those releases did little to slow the precipitous decline in market share for IE. Even worse, much of the web developer community had developed a visceral loathing for Microsoft’s browser.
Today, Microsoft has rededicated itself to web standards—this time for real. And its efforts with IE9 have earned grudging respect from some web professionals. But it will never be able to make up the momentum it lost with five years of neglect in the middle of the last decade.
Credit: chart data from Net Applications