Microsoft security: Your thoughts, Part 1

I know that when I write something like last week’s “Microsoft security: Why Redmond should be commended for its efforts” that I’ll get an inbox full of comments. Typically, the comments start out along the lines of “Kearns, you worthless piece of…” and there were some of those this time, also. But the tally was running very close between readers who agreed with me and those who were, um, still confused. 

Today we’ll look through some of the positive comments, but I’ll get to the other sort in the next issue. Provided, of course, no major breaking news takes precedence.

Late last week Microsoft shed more light on its emerging security initiatives at its worldwide partners conference (https://www.nwfusion.com/news/2003/1009mssec.html). I’ll take a few days to digest the information, then offer my thoughts on it next week.

One correspondent liked the general idea of a Microsoft provided firewall or “shield” but suggested the company should give it away in order to ensure maximum installation. While I’ve never been known to turn down something that’s “free,” still I have a nagging suspicion that you really do get what you pay for.

Occasionally there’s a “free” offer that is promoting a profit-making article (like Shavlik’s HFNetChkLT patch manager, which is a free version of its for-profit HFNetChkPRO application). But when a major company develops and distributes something for free, you need to examine its motives and determine if it’s still a “good buy.” The free Internet Explorer, after all, got Microsoft into a lot of trouble with the government.

Other correspondents suggested that users have to take more responsibility for their computing activity and not rely on software vendors to automatically protect them from harm. There are strong public service campaigns in the U.S. to remind those with automobiles to practice defensive driving and to remind teenagers and young adults to practice safe sex. Defensive computing, safe computing – gee, why not “trustworthy computing?” Perhaps this is an area the Bill & Melinda Gates Foundation could explore.

A number of people suggested that Microsoft takes the program it has instituted in Japan (see “Microsoft begins security CD giveaway in Japan,” https://www.nwfusion.com/news/2003/0919microbegin.html) and extend it to other countries. Perhaps a stack of free CDs on the checkout booth at grocery stores would work. One person even suggested Redmond get together with Time-Warner and do patch distribution on those ubiquitous AOL CDs that we all seem to have too many of. That would work, but would require a degree of cooperation that I don’t think either company is capable of.

Still, I stand by my statements commending Microsoft for finally taking security seriously, and I’m heartened to see that roughly half of you agree with me.