OneCare in the community

This last week has been quite a ride. One of the more interesting experiences has been getting on the wrong side of Microsoft, which took deep exception to a story we wrote from CeBit. In it, our reporter Tom Espiner talked to a reasonably senior Microsoft security bloke about OneCare, part of the company's security thrust.

We've heard a lot of things about OneCare, and some of them are very worrying. What scared me most were reports that old and very awkward bugs, once fixed, had been resurfacing. I used to be a developer, and I know what that means: somewhere along the line, the code's gone out of control. That in turn means that the project management may have fallen off the tiger, and that the product may have further, possibly profound flaws.

We've written that in the recent past, and didn't get so much as a squeak out of MS - despite asking publicly for its take on the issue. So it seems reasonable, when the opportunity presents itself, to ask MS people what they think. Tom did, got some newsworthy quotes, and we ran them as a story.

There was a short pause, similar to those few seconds between the scientists in the Nevada desert putting on the dark glasses and the countdown hitting zero.

I won't go into the details of our subsequent conversations with Microsoft, except to say that we have agreed to disagree (they have an unshakeable opinion that a misunderstanding occurred on our part. We have ten pages of notes). But I will share one most interesting, and I think revealing, aspect of our discussion. Our correspondent in MS included this in the latest missive:

"...I wanted to alert you to the following blog I just came across by a recognized researcher in the security industry, Robert David Graham from Errata Security – not because it is necessarily representative of Microsoft’s perspective on the matter, but more just flagging for you to make sure you were aware.

Hit Pieces and Ethical Journalism"

I don't want to get into a slanging match over that post, but I strongly disagree with some of its insinuations - that some sort of ambush was set up, and that the comments made by the interviewee were deliberately placed out of context. We didn't do those things - quite the opposite - and if I were to suggest that someone else were doing those things then I'd most certainly make sure I had the evidence to back me up. Y'know. Ethical journalism.

The most telling part, though, is this quote:

"...when a member of the press catches an "official spokesman" saying such damaging stuff, it's the reporter who is at fault and not the spokesman."

If that were so, then we would only report officially sanctioned information.

Microsoft is one of the most powerful companies on the planet. What it does affects billions of people. It takes decisions in secret, works to an agenda that is not disclosed, and projects a sanitised image that is judged by its effect on the market, not by its closeness to the truth. It runs a very big, very expensive and efficient media management operation. It can be one of the most frustrating and implacable entities for a journalist to deal with.

And that's fine. That's what big companies do. The bigger they are, the better they get at it. The journalistic job is to penetrate that screen and find out what's really happening, and we're operating at a huge disadvantage. We don't have the machinery, the resources, the back-up -- and we have to cover an industry, not just one company. How we work is by building up a picture that we think reflects what's going on, and we do that by talking to people. Lots of people. People officially involved, people unofficially involved, people with facts, people with opinions - if they've got part of the jigsaw, we want to know about it. We get things wrong - god, do we ever - but over time, with experience and a bit of chutzpah, we find out more than the PRs would like.

When we find stuff that's worth reporting - as in this case, because it is entirely relevant on matters of direct interest to our readers, on a product on which we had previously reported, from a person who really should know - and it matches what else we've had from other sources, then what, we should block our ears and sit on our hands because it's off-message? Is that what the readers want from us?

Anyway, some good has come of this - MS has finally promised us someone to do a completely sanctioned interview about OneCare, utterly on the record. I'm very much looking forward to that.

And I'm off next week, in San Diego - with Microsoft, at the Microsoft Management Summit. I've already been digging around for interesting, off-the-record, unofficial stuff concerned with what's going on there, and will relish the chance to ask anybody with a pulse and an MS business card about any aspect of the management strategy.

What else would you have me do? Take dictation?