Trustworthy Computing
Published by marco on
CNN has Gates Orders ‘Trustworthy Computing’ announcing yet another Microsoft initiative that claims to put user’s security concerns first. After the spate of problems reported in Microsoft software (Windows Update, Windows Media Player, numerous IE security holes and the UP&P XP hole), its not surprising to see Gates himself come forward to say he’s going to put a stop to it. But is it more than just lip service this time? Probably not.
Counterpane’s latest Crypto-Gram (January 15, 2002) discusses the recent Microsoft Windows XP Universal Plug-N-Play vulnerability. It concludes two main points:
<q>One, the amount of press coverage is not indicative of the level of severity, and the press is the only way to get the news out to the public. … Unfortunately, the public will have patience for only so many of these stories before their eyes glaze over. The rate of patch installation is decreasing, as people simply stop paying attention. … Two, Microsoft still sacrifices accuracy for public relations value.</q>
It goes on to discuss Microsoft’s continued lack of dedication to writing decent software. The second point above is the more troubling one for users of Microsoft software. They are a convicted monopoly (the findings of fact stand, the sentence was light) that cares only about security so long as it makes bad press. That’s an important distinction from a firm that cares about security for it’s customer’s sakes. Designing and coding a product well is required in order to make a secure product. That’s hard. And things that are hard tend to take longer and cost more.
Richard Forno has a more scathing review of Microsoft’s security history at Who Needs Hackers? We’ve got Microsoft!
<q>Microsoft pays security plenty of lip service for marketing and public relations spin control, but the firm’s history of addressing security problems falls quite short of what security professionals would consider a robust, long-term committment to effectively dealing with the matter.</q>
If people truly want security (and if they don’t today, they will in the future), then it seems that Microsoft cannot, or will not, be the company to provide it.
The importance of image to Microsoft is nowhere more evident that in this pathetic scheme, .Net vote rigging illustrates importance of Web services, reported on ZDNet UK. The site was holding a poll about web services and user’s feelings about the immediate usefulness of them and possible technologies they would use to implement them.
<q>… more than two-thirds of the respondents (69.5 percent), said they planned to deliver some applications by Web services by the end of 2002, with a large majority of those (nearly half the total sample) planning to use Java. Only 21.5 percent said they planned to use Microsoft .Net … But by the time the poll closed … the position had dramatically changed, with three quarters of voters claiming to be implementing .Net.</q>
Analysis of the votes revealed that most of the 11th hour voting was from the .microsoft.com domain, with many having clicked through an email sent company-wide calling out employees to vote. It would be just pitiful except that this is a large, influential tech web site. Everyone knows Internet polls are mostly bunk, but do the upper-level managers that troll these sites know that? In the end, this type of marketing may prove damaging in the short run, but effective in the long run.