|
Bill Gates reportedly said recently that "Security is actually our top priority"... That struck me as an amusing statement for several reasons, which I'll elaborate on...
For a variety of reasons, I don't watch television news broadcasts much, so I didn't see the broadcast I'm about to comment on. But I've read ABC's article about that broadcast, so I think I have the gist of it.
In an interview with Peter Jennings, Bill Gates said the words in quotes above. I thought his choice of the word "actually" was an interesting one. Is he saying that "Although people think our goal is world domination, security is actually our top priority" or "Even though it sure seems like we suck at it, security is actually our top priority"? Maybe the use of the word "actually" was a sort of verbal typo, I don't know...
You have to wonder why Microsoft seems to be so capable of squashing its competition and gobbling up new technologies, yet seems to have so much trouble squashing security bugs in its products. I suspect that there are probably several reasons for this, including:
- MONEY: There is little money to be made with a more-secure Internet Explorer. People already use it as it is, and Microsoft doesn't sell the software, so there is no financial incentive to put hours upon hours of work into testing the product and getting the bugs out. Windows, too, sells just fine as it is. Sure, the security bugs are embarrassing, but they aren't doing much to the bottom line. (Consider the Windows XP Activation technology, which is a kind of security. It impacts the bottom line directly, so Microsoft has put considerable effort into working the flaws out of this area. Compare that to pop-up blocking or spyware/adware blocking, which is only now getting attention, and apparently only as an add-on product at additional cost.)
- CORPORATE CULTURE: Security isn't "cool" to most people. It's an expectation, an assumption, or a requirement, but it isn't something people look at and say "Wow!" about... This is probably as true inside the Redmond campus as it is in the rest of corporate America. Tell your boss you made the network more secure and you'll probably get a "nice job" answer. Tell them you implemented the latest buzzword technology and you might hear that "Wow!" response. Thus, the corporate culture tends not to reward a company for making a more secure product... and developers tend to place less emphasis on security.
- COMPETITION (LACK THEREOF): I realize that Windows does have competition in the marketplace. Two of its most relevant competitors are Linux and Mac OS X. Linux is a great operating system, superior to Windows in many respects. Mac OS X is also a fine operating system, though in my opinion somewhat incomplete and immature. But neither of these is displacing that many Windows desktops, especially not with home users (think your grandma, aunts, etc.). While the Mac may have enough ease of use, the more popular commercial products (and the latest games) don't run there. Linux (and by virtue of being UNIX-based so does OS X) has a wealth of applications available, but the ease of use still lags behind Windows (and OS X). Microsoft still has the desktop market sewn up, so while Linux and OS X might be (arguably) more secure than Windows, their advantages aren't translating into a lot of pressure on Microsoft. At least not yet.
If someone can find a way for Microsoft to see the money in improved Windows desktop security, put a "spin" on security so that it becomes "cool" to have a more secure operating system, or if the competition start winning in the marketplace because of their better security, I believe that we'll see Microsoft step up to the plate and start going after security as aggressively as they've gone after their competitors in the past. And that will really be something...
Related Blogs:
Related Links:
|
