Wednesday, August 08, 2001
I, Cringely | The Pulpit Robert X. Cringely presents the case against Microsoft, this time from the perspective of willful disregard of system and application security. He makes a number of good points, but there is one I disagree with: He says the lack of security in Microsoft software was a deliberate business decision. Well, yes and no. I believe Microsoft has put usability and interoperability at the top of their list of desirable features. So, yes, that's a business decision. But to declare that Microsoft has something against security and actively decided not to include it in their products is a little too simplistic. The reason all the email viruses and IIS security flaws exist is because Microsoft is trying to make their stuff easier to use. I believe they started out pretty naive about this policy, and have only recently showed any signs of getting a clue about how to design a secure system. But, unfortunately, their legacy software prevents them from doing the right thing. They did try to stem the tide of email viruses starting in Office 2000 by including the ability to restrict executable attachments. And the latest Internet Exploder also allows for higher degrees of security. But the bell can't be unrung, the genie can't be put back in the bottle, and hindsight is 20/20 (is that enough cliches in one sentence?) We have to live with an incredibly insecure system because Microsoft's a monopoly. I don't see any way around that.