As I said earlier, it is very difficult to write software that has zero bugs and vulnerabilities, especially when you are talking about large and complex pieces of software like Windows and Linux. It can’t be done. So what we’ll need are tools to proactively detect and protect the user, tools to educate the user, tools to help the user to make a decision about whether to run certain software on their system, tools which can detect suspicious activities etc. And such tools are antivirus and antispyware software. So it was no surprise when Microsoft first bought antivirus software company GeCad and then bought antispyware software company Giant. People at Microsoft are smart and they have a very good vision about software and where it needs to go. And the sooner the Linux crowd realizes these things and stops being arrogant, the sooner they can start to work on these things for themselves.
What saddens me sometimes, though, is that no matter what Microsoft tries to do in the interest of end users, people will always find bad motives behind Microsoft’s actions. If Microsoft did nothing to improve the security of its software products and left it to third parties, they would complain about how Microsoft does not care and is increasing the TCO for its products by requiring customers to install third-party software to protect them. If Microsoft tries to do something about it, like for example releasing a free antispyware program to help protect users from spyware, they complain about how Microsoft is entering the antispyware and antivirus market and is going to kill competitors like Symantec and McAfee. Like they say, if you want to hit a dog, you will be able to find a stick. When I read the article I just linked, I emailed Cringely and asked him what he was smoking, because my guess was it had to be quite strong. After an email exchange, in one of his following articles he wrote:
A reader took me to task recently for being too hard on Microsoft. I’m a cynic, he said, for predicting that bad things would come of Redmond’s decision to offer free anti-virus and anti-spyware services. All I can say is that I looked again at recent events, reconsidered my own motivation, and sure enough, I was not completely correct in my previous analysis.
When reading this I started to get some hope that maybe I did manage to convince him about certain things. But then, I read this:
On further deliberation, I have to say that Microsoft’s entry into these businesses is far, far worse than anything I predicted. It is a disaster both for users and for the software industry.
God help us all.
In any case, security in Microsoft’s products will only increase going forward. Microsoft is doing an excellent job at this, and studies and reports these days clearly show the improvements. For Longhorn, Microsoft has a lot of cool stuff planned: security in managed code will be a much greater improvement, and Longhorn will enable users to isolate certain programs like IE from the rest of the system to keep any potential security problems from spreading to the whole system. The thing I like about Microsoft is that they usually take a holistic approach to solving problems and take the time to think about things. In the case of security, they are not only working on improving the software itself (in terms of minimizing security vulnerabilities in the software), but, since they realize you will never bring down the number of vulnerabilities to zero, they also work on tools to proactively detect security issues and defend the user from them. Since a lot of “security issues” are a result of the user being misled, like in the case of spyware, they are also releasing tools which can help the user determine if certain software is safe to use and tools to help the user monitor suspicious activity on their system. In addition, they are also working on the infrastructure which is needed to be able to respond to security issues in a timely and straightforward manner for end users. Their approach is something the Linux people can learn a lot from.