Theres a love-in coming to California next week, but it wont be grooving along in San Franciscos Haight-Ashbury district. Instead, itll be headquartered in a boxy convention center in downtown Los Angeles.
The event will be Microsofts Professional Developers Conference, where thousands of programmers who create Windows applications and drivers will schmooze, share tips and learn what changes the software company is planning for its next major Windows operating system release. That, of course, will be “Longhorn,” which will ship sometime in 2005 or 2006.
Attendees are expecting to receive a CD-ROM containing an early, prebeta release of the graphical operating system, plus previews of new SQL Server and Visual Studio technology and other stuff.
But love is a complex emotion, and there are signs that the ties that bind Microsoft and its developer community are undergoing strain. Even developers who are 100 percent committed to the Microsoft platform are complaining that its inherent weaknesses are killing them—and the enterprises that use the applications the developers create.
The cost of dealing with viruses, spam and other malware—most of which targets Windows and its bundled applications—now runs into the tens of billions of dollars each year, by many accounts.
The CERT Coordination Center, a federally funded research organization, says the total number of reported security vulnerabilities has roughly doubled every year from 1998 to 2002.
In my view, most corporations are willing to give Microsoft one more chance to produce a tight, secure version of Windows. Longhorn is the perfect—but possibly last—opportunity to do this. If the upcoming release offers merely a few more features and the same old internal flaws, the trickle of enterprises abandoning Windows will become a flood.
Will Microsoft go out of business if it produces another buggy version of Windows that needs a patch a week? Not likely. The company could continue to make billions just on the copies of the operating system that are preinstalled by OEMs and pushed out to consumers.
But the upgrade cycle in the corporate world stands a chance of being broken for good. The outcome will depend upon whether Microsoft seizes this turning point and makes Longhorn the release that rejects malware.
To get such malware as viruses, worms and spyware down to manageable levels would require deep changes in Windows and, therefore, in all software that runs on Windows. These shifts could be wrenching, but not making them will ultimately be even more painful.
Bruce Schneier, author of “Beyond Fear” and chief technology officer of Counterpane Internet Security Inc., is one of many experts who isnt shy about publicly advising Microsoft. “The most important thing for them to do,” Schneier said in an interview, “is improve the security of their software out of the box. That includes increasing the quality of their code, removing features, simplifying installation and shipping with features turned off.”
Schneier knows what can happen if something doesnt change. “Legislatures could impose liability on the computer industry by forcing software manufacturers to live with the same product liability laws that affect other industries,” he writes, in a new foreword to the 2004 edition of his book “Secrets and Lies.” “If software manufacturers produce a defective product, they would be liable for damages.”
Such an earthquake could emerge not just from legislatures but also from courts. All it would take would be a precedent-setting ruling that the “were-not-liable” language thats commonplace in shrink-wrap licenses is “unconscionable and unenforceable.” The lawsuits would fly.
This would hit not just Microsoft but all developers. They have a huge stake in Microsoft getting it right and shutting down the ills that ail us all. Microsoft should not wait until a legal remedy is forced upon it. It owes at least that to its legion of loyal developers.
Brian Livingston is editor of BriansBuzz.com and co-author of “Windows Me Secrets” and nine other books. His column appears every other week in eWEEK. To send tips, visit www.briansbuzz.com/contact. Send your comments to [email protected].