Why Microsoft should start over

Whenever the issues of security, bugs, patches and Microsoft operating systems come up someone is sure to say something similar to: “Why don’t they just start over from scratch and build a brand new operating system?”

That would probably work. All the security holes identified up to now could be avoided, corrected or simply plugged. Given the long lead times before release (Microsoft just last week gave developers a peek at what will be coming in approximately 18 months with the Longhorn release), third party applications could be re-written to conform to the new API. But could it create more problems than it solves?

There are two primary reasons why this will never happen.

First, existing applications (such as Microsoft Office) would probably have to be updated to run on the new operating system. The hue and cry about Redmond’s monopolistic practices would reverberate around the world. “Microsoft forces users to update” would probably be the least inflammatory headline.

When Office 2003 (then called “Office 11”) was in beta test last year, users discovered it wouldn’t run on Windows 9.x/Me but required Win 2000 or XP. The earlier desktop operating systems simply couldn’t support the new features, but there were many people seeing a devious plot of the part of Bill Gates & Co., to force operating system upgrades. Backwards compatibility is something users – and marketing departments – are always clamoring for but it’s a major cause of security problems.

The second reason why a brand new, non-backwards compatible operating system won’t ship is simply that it would break too many applications. The major commercial apps could be re-written, but the smaller software vendors, the shareware vendors and the in-house developers rarely have the time or the resources to do a complete re-write of an application. Nor do they always write to published APIs or specifications but often rely on ad-hoc behavior.

As an example, consider the hullabaloo when VeriSign created its Site Finder URL-redirection service so that users no longer got 404 error pages. This broke a large number of anti-spam packages that counted on getting a “domain does not exist” error when probing the alleged sender of an e-mail. Now there’s nothing specified anywhere that requires that this message be returned but over time, a sort of de facto specification had arisen and developers took advantage of it. The same thing happens with operating systems. People rely on generally observed behavior, even though there’s no documentation of it, because “It’s always worked that way.” Build a new operating system and it most likely won’t continue to work that way.

It’s a logical and even reasonable plan to build a new operating system from scratch: It would be more secure, more stable and very likely more efficient. Too bad that the users – you and I – won’t let Microsoft do that.