We can make Windows more secure with this simple plan.Ive been so busy patching all my Windows machines lately that I dont have any time to enjoy how Microsoft has made my computing experience easier and more fun. Like you, my days and nights have been eaten up by a worm named Blaster, MSBlast, LovSan or whatever the little wriggler is calling itself now. (Cant these hackers make up their minds?) Just when I get a moments rest, the worm keeps slithering back because its merrily running on a gazillion PCs out on the Net.
The owners of these computers failed to install a security patch Microsoft posted July 16. eWEEK Technical Director Jim Rapoza may have been thinking of people like this when he wrote in his Aug. 4 Tech Directions column that todays PCs are too powerful for untrained individuals. People shouldnt buy a PC, Rapoza wrote, unless theyre willing to learn all the aspects of controlling it.
Thats an intriguing notion, but Id turn it around. Perhaps Microsoft shouldnt be able to release a new version of Windows until its been examined, line by line, by a panel of outside security experts. Think of this brain trust as the Supreme Court of Software. When this group gives its seal of approval to the code, out to consumers it goes. (Microsoft could call the newly idiot-proofed operating system Windows for Dummies.)
How would such a panel come to be? Many executives in the computer industry dont seem to want any yucky consumer protection stuff to become law. So wed have to implement this without relying on government intervention. Instead, we could use the private market.
The next time Microsoft wants to claim that one of its operating systems is "the most secure version of Windows ever," corporate leaders would sit on their purchase orders until the Redmond, Wash., company posted a security bond. To make it adequate, the bond would be, oh, lets say, $50 billion. Microsoft has that much in its cash reserves alone, and the funds are just lying around doing nothing. We could put that money to work and get the economy moving.
If your enterprise was hit with a costly worm due to poorly tested Windows code, you could surf to a Microsoft Web page and simply withdraw an amount of money equal to your staffing and downtime expenses. To keep anyone from dipping into the fund more than once, each of us could type in our own unique Windows Product ID numbers.
Do I think this fund would actually get established? Its as likely as SNOBOLs chance in hell. (If youre naughty enough to be sent to the underworld, you cant program in SNOBOL because the daemons make you use MS-DOS 1.0 for eternity.)
On the other hand, there is a precedent. Many manufacturers of surge protectors guarantee to repair or replace your hardware if its damaged by an electrical surge while connected to their gizmo. These manufacturers exhibit confidence in their products. Anyone whos met Microsoft CEO Steve Ballmer knows he radiates confidence. Perhaps hell be bold enough to restore faith in his company with a "Well eat your worms" money-back offer.
Its not as if Microsoft lacks resources. In recent financials, the company showed an 85 percent profit margin on Windows. In countries where Linux is a stiff competitor, though, the margin drops. In Thailand, Microsoft sells Windows and Office together for the equivalent of $36, according to an Aug. 14 Wall Street Journal article. The difference between $36 and the combined $300 or so street price thats paid in the United States is a kind of "stupid Americans" tax. That would finance quite a worm fund.
I find it interesting that Blaster and related worms affect only the more "advanced" versions of Microsofts operating systems, including Windows 2000, Windows XP and the new Windows Server 2003. According to Microsoft, Windows ME isnt vulnerable.
Funny thing, thats exactly the version thats running on one of my old, vintage laptops. I sometimes take it with me when I travel. So unless I uncharacteristically become an early bird, I wont be catching any worms.
Discuss this in the eWeek forum.
Brian Livingston is editor of BriansBuzz. com and co-author of "Windows Me Secrets" and nine other books. His column appears every other week in eWEEK. To send tips, visit www.briansbuzz.com/contact. Send your comments to eWEEK@ziffdavis.com.
