If Microsoft wanted to make me happy in 2005—which the company keeps telling me (and all its other customers) is a top priority—I have a very easy way they could do it: Make me a non-combatant.
Like most of you, I am spending inordinate amounts of time and a fair amount of money (even with free review software) fighting computerized evil. But I am doing it as a Microsoft conscript. Fighting Redmonds battles seems to be a war without end, either in time or money.
Most of the security challenges I fight each day relate to something Microsoft did or did not do. This is one loop I want to be taken out of. It should be Microsoft that fights its enemies, not you and me.
The naïve “fathers of the Internet” also own a big share of the blame, but they are harder to pin down. They can also claim to have created a monster that broke out of their labs and into the world at-large, doing something it was never intended to do.
In 2005, Microsoft needs to take responsibility for its security troubles and unburden its customers. And once Microsofts customers become non-combatants, the company should respect the Geneva Conventions, which require that civilians be protected as much as possible.
Microsoft has an obligation to provide, for free, all the security software that a typical customer would need, including the ongoing updates. OK, maybe not an obligation—Microsoft didnt sign the Geneva accords and only seems like a government. Still, doing the right thing usually is obligatory.
Microsoft is perfectly capable of protecting its customers and is already doing it to an extent with anti-spam and firewall technology. In mid-2003, Microsoft purchased GeCAD, an anti-virus company, but so far has nothing to show the public for it.
So maybe Microsoft needs to buy another security company and keep it independent but start giving its products away. I think Symantec would be a good candidate for this. Ive never understood why Microsoft allowed the company to exist in the first place.
Microsoft should own up
Check that, I do understand why: Microsoft didnt want to accept responsibility for the problems it caused or the security features it left out.
Think about it: The reason most people bought the original Norton Utilities was to resurrect lost files. Norton had an unerase utility, Microsoft didnt, and cash registers counted up the receipts. Microsoft created a problem, and you and I had to pay someone else to solve it.
Now the problems have become so pervasive that Microsoft ought to own up to having caused them—sometimes merely by ticking people off—and get customers out from the line of fire.
Im not saying the utility business should go away. Or even that Symantec doesnt add genuine value. But when I go into the store and see boxes upon boxes of security software—most of them yellow Symantec boxes—it makes me angry. Microsoft built its success on software it should have known was insecure but did it to speed development and, perhaps, because the real depth of security problems (or evil) couldnt be known.
This was, I believe, the right decision. I am not sure wed have the widespread use of technology we enjoy today if Microsoft had taken more time building its operating systems and applications.
But, once problems surfaced—like the early computer viruses and application hacks—Microsoft kept its head in the sand for too many years. This allowed companies like Symantec to flourish.
Let me say clearly that I dont “blame” Microsoft for all the worlds problems. I dont think the company was negligent. It certainly was slow to react, however, and the delay has forced customers to invest in security products they really shouldnt have had to purchase.
Despite the smiling assurances of Bill and Steve that help is on the way, progress has been insufficient. That can change, however, with the writing of a check, albeit a large one, to make good security software available to all its customers for free.
Its the kind of move only a Microsoft could make, which is precisely why it should.
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.