Windows celebrated two birthdays this week. Windows XP was a decade old on October 25, and Windows 7 marked its second birthday on October 22.
Both operating systems have been insanely popular. In computing terms, XP is downright ancient, and yet it still accounts for roughly half the installed base of Windows users worldwide.
Meanwhile, Windows 7 is selling briskly. It’s earned overwhelmingly positive reviews, and the massive Windows user base is slowly but surely embracing it and moving inexorably away from XP.
Those two products represent high points for the Windows family, but there were plenty of low points in between. In fact, an unvarnished history of Windows over the last decade turns up its fair share of failures and big mistakes.
As a longtime Microsoft-watcher, I’m as fascinated by the company’s missteps as I am by its successes. Anyone who worked at Microsoft in the first decade of the 21st Century knows the impact that those wrong turns had on the company and its culture. How the company responded to those mistakes had an indelible impact on products that are on the market today and those that are planned for the future.
For this list, I deliberately ignored everything that happened before the public launch of Windows XP. That means, thankfully, we don’t have to rehash Microsoft Bob or Windows Me, nor do we have to go through the long and painful antitrust trial that ended earlier in 2001.
But that still leaves plenty of history. The ten case studies I've gathered here represent a mix of security gaffes, bad business decisions, and user experience failures.
They say every mistake is a teachable moment. So what has Microsoft learned from its miscues over the past decade?
Throughout the 1990s, Windows users already had been targeted by a multitude of viruses, many of which attached themselves to Microsoft Office documents. By 2001, the concept of a worm that could spread over networks was already well known.
Wisely, the designers of Windows XP included a firewall to protect users from network-based attacks. And then, in one of the great mysteries of our time, they decided to ship XP with Internet Connection Firewall turned off.
You can imagine what happened next. I remember it vividly. On August 11, 2003, Windows XP computers worldwide began shutting down. When restarted, they displayed this error message and went into an endless reboot loop.
That was the Blaster worm at work. Microsoft issued a rare (at that time) and extremely detailed security bulletin describing the symptoms and cleanup steps:
On August 11, 2003, Microsoft began investigating a worm that was reported by Microsoft Product Support Services (PSS). ... Generally known as "Blaster," this new worm exploits the vulnerability that was addressed by Microsoft Security Bulletin MS03-026 (823980) to spread itself over networks by using open Remote Procedure Call (RPC) ports on computers that are running any of the products that are listed at the beginning of this article.
The Blaster worm, along with the previous year's Code Red attacks, were aimed at code that was written before Microsoft got serious about security.
Months after XP shipped, in January 2002, Bill Gates wrote his now-famous Trustworthy Computing memo, which included this across-the-board order:
In the past, we've made our software and services more compelling for users by adding new features and functionality, and by making our platform richly extensible. We've done a terrific job at that, but all those great features won't matter unless customers trust our software.
So now, when we face a choice between adding features and resolving security issues, we need to choose security. Our products should emphasize security right out of the box, and we must constantly refine and improve that security as threats evolve.
The memo was met with scorn in some quarters. Wired characterized it as "no more than a public relations stunt" and CNET talked to a security expert who called it "a PR blitz, pure and simple." But the memo turned out to be a genuine catalyst, kicking off a retraining and reengineering effort that wasn't fully engaged until the end of 2004 and didn't begin to bear fruit for several more years.
In fact, one could argue that the emphasis on security caused some overreaction. (See UAC, a few years later.)
For years, Microsoft user interface designers labored under the notion that Windows users wanted a friendly assistant to help them perform ordinary tasks. Clippy, the chirpy, googly-eyed paper clip that debuted in Office 97, became the stuff of endless parodies: “It looks like you’re writing a ransom note. Would you like some help with that?”
Windows XP had its own set of cringingly cute cartoon characters in the form of Search Assistants: Rover the dog, Merlin the Wizard, and a pair of other forgettable characters.
The worst part of the XP search experience was the set of tricks and corny punch lines each character would deliver as it made you go through extra steps to find files.
Eventually, someone in Redmond came to their senses and canned the characters in favor of a simple, fast search add-on. Not coincidentally, that happened after Google delivered a simple, fast search add-on for Windows.
Thank goodness for competition!
At the dawn of the commercial Internet, in the mid-1990s, Netscape represented an existential threat to Microsoft. Microsoft, which had not yet been reined in by the U.S. Department of Justice, responded aggressively to the dominance of Netscape Navigator, introducing Internet Explorer 1.0 at the same time as Windows 95 and revising it at a breakneck clip for the next six years.
Netscape could not compete, eventually selling itself to AOL in 1998. By the time XP launched in 2001, IE's market share was in monopoly territory, hovering around 90%.
Windows XP shipped with Internet Explorer 6, which was full of then-revolutionary ideas. This press release from 2001 almost sounds like a parody in retrospect. Seriously, "unparalleled support for industry standards"?
Internet Explorer 6 features a new visual design as well as innovative browser capabilities, including enhanced Explorer Bars, integrated instant messaging, media playback and automatic picture resizing, as well as improved privacy for personal information on the Web and unparalleled support for Internet industry standards. In addition to being easier to customize and deploy, Internet Explorer 6 is a feature-rich platform for building Web-based applications and developing compelling content for users.
And then, with victory assured, Microsoft decided to stop shipping new revisions of Internet Explorer. Part of the blame goes to the all-hands-on-deck focus on security, which stopped development of many Microsoft products as coders were sent for mandatory security training. But whatever the reason, it opened the door for a competitor.
Ironically, that competitor turned out to be built on the old Netscape code base, which had been open-sourced by AOL in 1998. It was originally called Phoenix (risen from the ashes of Netscape, get it?) and by the end of 2004 it had been renamed Firefox and had nearly a 4% share of all browser usage. As Microsoft continued to ignore IE and and security issues with the browser got worse, Firefox became increasingly popular.
Microsoft belatedly resumed development of Internet Explorer, shipping IE7 with Windows Vista in late 2006. A vastly improved IE8 shipped in 2009 with Windows 7. But those releases did little to slow the precipitous decline in market share for IE. Even worse, much of the web developer community had developed a visceral loathing for Microsoft’s browser.
Today, Microsoft has rededicated itself to web standards—this time for real. And its efforts with IE9 have earned grudging respect from some web professionals. But it will never be able to make up the momentum it lost with five years of neglect in the middle of the last decade.
Credit: chart data from Net Applications
Microsoft's ActiveX technology seemed like a very bright idea in 1996, when the World Wide Web was still shiny and new. ActiveX controls were helper programs that could be called by a local app or a Web browser for a specific function. But the architects who dreamed up ActiveX didn't think of its consequences on PC security. The results over the next 10 years or so were disastrous. Today, if you ask a computer security professional or an IT pro about ActiveX, they'll probably just roll their eyes and groan.
The subject came up last year when I criticized Adobe's record on security. Several readers pointed out, quite reasonably, that the same Symantec report I referenced in that post said that "ActiveX technologies still constituted the majority of new browser plug-in vulnerabilities [in 2009], with 134." And indeed, for years after XP's introduction Microsoft was continuing to deal with the fallout of ActiveX insecurity.
Initially, ActiveX provided a convenient way for crooks to sneak malware onto Windows PCs. These were classic social engineering attacks, with malware disguised as a required update to play media files, for example.
Microsoft dealt with those But then, in June 2009, the mother of all ActiveX vulnerabilities was discovered. This is the infamous MSCOMM32.OCX ATL Loader Remote Code Execution Vulnerability (CVE-2008-0024). The problem was found in a template file that was included with Microsoft Visual Basic. In its security advisory, IBM Internet Security Systems rated its exploitability as "high" and described what made the problem so acute:
Although this ActiveX control is not installed by default, most PCs have it. Nearly all Visual Basic applications include this DLL during the installation process, and, since it's considered a shared component of these applications, it is typically left on the system even after an uninstall. So, if a Visual Basic program has ever been installed on a computer, it probably has this ActiveX control installed, too, which makes this component highly prevalent, and, therefore, a lucrative target for attackers.
There's no telling how many ActiveX programs were affected by this vulnerability, but the number is probably in the hundreds. The problem was worst for anyone using Windows XP with Internet Explorer 6.
Over time, Microsoft has tightened security around ActiveX controls dramatically. IE7 introduced a feature called ActiveX opt-in, which made it impossible for an attacker to use an installed ActiveX control without permission. In Windows Vista and Windows 7, Internet Explorer use Protected Mode, which sandboxes ActiveX controls so they're unable to do any serious damage. And cumulative updates to Internet Explorer routinely set ActiveX "killbits" for vulnerable controls to block them from running at all.
In modern Windows versions, you're unlikely to find more than a handful of ActiveX controls. (Adobe's Flash plugin for Internet Explorer is the most common one.) But it's taken years to shake off the security headaches that came with ActiveX, and Internet Explorer's image remains tarnished today.
Before there was the iPad, there was the Tablet PC.
Bill Gates proudly introduced Windows XP Tablet PC Edition (a variant of Windows XP Professional) in 2002, and he operating system got a major update in 2005. Its features were rolled into Windows Vista in 2006, and the entire pen-and-touch input system was refined impressively in Windows 7 in 2009.
And then the iPad came out and made Tablet PCs look like something from a prehistoric time.
What went wrong? If you look closely enough, three problems emerge.
First, the hardware available in the early 2000s simply wasn't good enough to make the tablet experience fun or interesting. Tablets were heavy and hard to hold, and they didn't have enough battery life to get through a working day without being recharged.
Second, these alternative modes of input were considered features rather than the primary mode of interacting with a Tablet PC. Although a few brave OEMs tried to introduce slate designs, the most common tablet configuration was a convertible PC, which functioned as a conventional notebook most of the time and switched into tablet mode as needed. The result was a system that didn't do either task particularly well.
Finally, the biggest problem was a lack of developer support. Even tablet enthusiast had a hard time finding apps that really took advantage of pen and touch input.
And so the entire Windows Tablet PC category was relegated to niche status, selling a microscopic number of units. Within a few months of its release, Apple had sold more iPads than Microsoft had sold Tablet PCs in the preceding eight years.
There's no question that Microsoft learned some painful lessons from the Tablet PC failure. There's also no question that its Tablet PC experience has given it a good head start—at least in technology terms—when it comes to Windows 8. For 2012, its challenge is to prove it can deliver a tablet that people will love. That's a tall order.
Photo: Michael Walsh, The Acer Guy
After XP shipped in 2001, Microsoft got right to work on the next release of Windows. It was an ambitious undertaking. Then-Windows boss Jim Allchin had a long list of groundbreaking features that would go into the upgrade, which was code-named Longhorn.
Paul Thurrott covered the Longhorn project extensively in those early days, putting together a detailed FAQ, multiple screenshot galleries, and extensive coverage of the many times Microsoft excitedly showed off new Longhorn features to developers and partners.
For Longhorn, the high point was the 2003 Professional Developers Conference (PDC), where Microsoft showed off everything it had done so far and whipped developers into a frenzy over what they could do with Avalon and Indigo and WinFS (Future Storage) and Next Generation Secure Computing Base, aka Palladium.
And then the wheels fell off.
In January 2004, Allchin sent an e-mail to Gates and Ballmer admitting failure:
I must tell you everything in my soul tells me that we should do what I called plan (b) yesterday. We need a simple fast storage system. LH (Longhorn) is a pig and I don't see any solution to this problem.
It took a few months, but by August the die had been cast, and the infamous "Longhorn reset" happened. A 2005 Wall Street Journal article has the ugly details:
Microsoft would have to throw out years of computer code in Longhorn and start out with a fresh base. It would set up computers to automatically reject bug-laden code. The new Longhorn would have to be simple. It would leave bells and whistles for later -- including Mr. Gates's WinFS ...
On Aug. 27, 2004, Microsoft said it would ship Longhorn in the second half of 2006 -- at least a year late -- and that Mr. Gates's WinFS advance wouldn't be part of the system. The day before in Microsoft's auditorium, Mr. Allchin had announced to hundreds of Windows engineers that they would "reset" Longhorn using a clean base of code that had been developed for a version of Windows on corporate server computers.
Nearly three years of work went down the drain, and a demoralized development team had to kick into high gear to turn out Windows Vista two years later. It's no wonder that Vista, despite its excellent foundational work, was a mess when it shipped.
Screenshot credit: Paul Thurrott
One of the great failings of Windows XP was a default security model that gave the primary user account full administrative powers over the operating system.
In its documentation for IT professionals, Microsoft recommended that administrators configure standard accounts for users, to limit the amount of damage they could do if they were tricked into installing a malicious piece of software. But many Windows programs were written under the assumption that the user had full administrative privileges and wouldn't run under a standard user account.
So, for Windows Vista, Microsoft decided to get serious about tightening the screws on user account permissions. In the process they went too far, alienating users and creating the single most mocked, misunderstood, and despised Vista feature of all: User Account Control.
During the darkest days of the Vista era, I wrote a lot of posts about UAC. including one extremely popular set of instructions for taming UAC. That post included this succinct description:
The biggest misconception I hear about UAC is that it’s just another silly “Are you sure?” dialog box that users will quickly learn to ignore. That’s only one small part of the overall UAC system. The point of UAC is to allow you to run as a standard user, something that is nearly impossible in Windows XP and earlier Windows versions. In fact, with UAC enabled (the default setting) every user account in Windows Vista runs as a standard user. When you try to do something that requires administrative privileges, you see a UAC consent dialog box. If you’re an administrator, you simply have to click Continue when prompted. If you’re running as a standard user, you have to provide the user name and password of a member of the Administrators group.
What went wrong? For starters, there were way too many consent prompts—some of them in a cascade for a what should have been a simple task.
And it didn't help when a Microsoft executive publicly and proudly admitted that the point of the feature was to "annoy users." David Cross, a product unit manager at Microsoft, made that admission in a speech at a security conference:
"The reason we put UAC into the [Vista] platform was to annoy users — I'm serious," said Cross, speaking at the RSA Conference in San Francisco on Thursday. "Most users had administrator privileges on previous Windows systems and most applications needed administrator privileges to install or run."
Cross claimed that annoying users had been part of a Microsoft strategy to force independent software vendors (ISVs) to make their code more secure, as insecure code would trigger a prompt, discouraging users from executing the code.
That might have been literally true, but the subtlety was lost on exasperated Vista users, who felt personally offended at being used as human targets in a sniping war with third-party software developers.
Microsoft toned down UAC dramatically in Windows Vista Service Pack 1 and gave it a complete overhaul in Windows 7. And the bad publicity did indeed shame the most egregious software offenders into cleaning up their act. But the damage was done. Today, UAC may be far less annoying, but its reputation has never fully recovered. Microsoft learned a key lesson: features with this much disruptive potential need to be designed carefully from Day 1.
When people ask me what's the stupidest thing Microsoft ever did with Windows, I have an easy answer.
I even used that word back in June 2006, when I wrote Microsoft presses the Stupid button:
When you’re the Evil Empire, it’s only natural to get a bad rap for everything you do. Microsoft gets bad-mouthed a hundred times a week for things that would be perfectly acceptable coming from anyone else. Given that level of criticism, it’s easy to ignore the times when they’re just completely, egregiously wrong.
The uproar over Microsoft’s new Windows Genuine Advantage authentication software, which is now being pushed onto Windows users’ machines via Windows Update, is one of those occasions. Someone at Microsoft just pushed the Stupid button. And things aren’t going to get better until they stop pushing it.
But over the next two years, they made it worse, with activation servers that failed and unfairly branded innocent Windows users as software pirates. The program hits its low point, not surprisingly, in Windows Vista, when Microsoft released its toughest version yet:
Microsoft denies that this is a "kill switch" for Windows Vista ... Technically, they're right, I suppose. Switching a PC into a degraded functionality where all you can do is browse the Internet doesn't kill it; but it's arguably a near-death experience.
I long ago lost count of the number of words I wrote about Windows Genuine Advantage and product activation, but I don't regret a single one of them. I know they made a difference. Microsoft removed the "kill switch" in Windows Vista Service Pack 1, and in Windows 7 the activation experience seems to finally work.
For as long as Microsoft has made operating systems, it has had a complicated relationship with its customers.You might think of yourself as a Microsoft customers, but roughly 90% of all copies of Windows are sold by PC manufacturers, who in turn resell those machines to end users like you and me.
That creates the potential for a conflict if the interests of the PC makers aren't in alignment with the needs of the customers who will eventually buy those PCs. And there is no better example than the mess Microsoft made when it was getting ready to launch Windows Vista.
The new, whizzy Aero graphics in Vista demanded up-to-date hardware. But Intel was still selling the older 915 graphics chipset, which wasn't up to the challenge, and PC makers like Sony and Dell were continuing to design notebooks built around those chipsets. Microsoft initially wrote specs that would have disqualified those PCs from earning a Vista logo. Intel demanded that Microsoft bend the rules, and Microsoft eventually caved.
Microsoft created a new logo that defined these graphically challenged PCs as "Designed for Windows XP / Vista Capable." In its public pronouncements, executives danced around the limitations: "PCs with the Windows Vista Capable logo can run the core experiences of Windows Vista," said Microsoft's Will Poole at the Windows Hardware Engineering Conference in 2006.
And that's when the lawsuits began.
The exhibits that came out during discovery were particularly embarrassing. The worst was an e-mail from Jim Allchin, who said, "I believe we are going to be misleading customers with the Capable program." According to CNET's Ina Fried, he was described as "apoplectic" over the decision.
Several years later, I was offered an opportunity to give Microsoft some free advice on how to fight Vista criticism. "We're sorry" is a good start, I said.
"Microsoft could admit that they screwed up when they put Intel’s interests over those of their customers in the 'Vista Ready' and 'Vista Capable' logo snafu. It would be nice to think that some heads rolled for that one."
It’s worth noting that Steven Sinofsky, who’s now in charge of the Windows development effort, was harshly critical of the decision at the time. All of the executives who were named in the most damning bits of evidence have left Microsoft. I don't think that's a coincidence.
Microsoft took a lot of well-deserved abuse for its many versions of Windows Vista. The top consumer version, Vista Ultimate, had an insanely high price tag that I called "price gouging" after looking at what was in it.
The most comically misguided addition to Vista Ultimate was a feature called Windows Ultimate Extras. A separate Control Panel icon promised "cutting-edge programs … available only through Windows Ultimate Extras" along with "innovative services" and "tips and tricks … to get the most out of Windows Vista Ultimate Edition."
At the time, I was skeptical:
Through the years, Microsoft has been pretty damn smart about its product marketing, but they’ve screwed this one up completely. ... It’s hard to imagine what sort of goodies they can include in the Ultimate Extras box that will make this package irresistible and worth the extra cost.
Ultimately (heh), Microsoft delivered four Ultimate Extras with the shipping version of Vista, but that was it. And to add insult to injury, Microsoft eventually killed off some of those add-ons:
I’m sure the Windows 7 team cringes every time they’re reminded of the puffery and promises their predecessors made about what turned out to be an Ultimate Embarrassment. Over the past few years, Microsoft has tried to stuff those references to “cutting-edge programs [and] innovative services” down the memory hole. Indeed, they’ve shut down the Secure Online Key Backup service that was one of the signature Ultimate Extras, and the handful of games that made it to Windows Update don’t survive an upgrade to Windows 7. (Ouch.)
Microsoft downplayed the Ultimate edition in Windows 7. If they're smart, they'll get rid of the SKU completely for Windows 8.