RealTime IT News

Microsoft Makes Security Pledge -- Again

You IT professionals can stop worrying now. Your security woes will soon be a thing of the past.

Normally I hesitate to express such unbridled optimism, but earlier this week the chairman of the World's Most Important Software Company looked an auditorium full of IT security professionals in the eye and solemnly assured them that "security is the most important thing we're doing."

And this time he really means it.

That, of course, is the problem: IT pros have heard this from Bill Gates and Microsoft many times before, usually soon after Microsoft had taken a pounding for problems caused by hackers and virus writers exploiting the numerous security holes in the company's software, particularly its Internet Explorer browser. Yet the nuisances infiltrating networks and computers through Microsoft products grow each year.

Indeed, it's no accident that Microsoft is mounting another security PR blitz now, for the company is trying to reverse the steady loss of IE's browser market share to Mozilla's Firefox 1.0. The latest numbers from the Web analytics firm WebSideStory show that the free, open-source Firefox browser -- released early last November by the nonprofit Mozilla Foundation -- was nearing a 5 percent share of the browser market in January. That's about 16 million users. Explorer's market share, meanwhile, has slipped below 91 percent for the first time in three years.

While it might not sound like much -- and the Mozilla folks say they're only shooting for 10 percent market share -- that 5 percent can turn into 25 percent in a couple of years if enough people are motivated to make the switch from IE. There are serious implications for Microsoft once more Web sites re-architect so they can work with non-Microsoft browsers. This migration toward open standards has already begun.

As part of the effort to shore up user confidence in Microsoft's software, Gates had the splendid opportunity of giving the opening keynote speech at this week's annual RSA conference in San Francisco, arguably the most high-profile IT security event. I wasn't there, but by all accounts I've heard from those in attendance, it was a desultory address given to a decidedly underwhelmed audience of IT security pros. The word "boring" came up more than once in describing Gates' keynote.

In terms of substance, Gates told attendees the next version of IE will feature additional levels of security to combat spyware, viruses and phishing scams. The Microsoft founder also revealed plans to create a virtual network of victims -- that is, users -- who will report on what code they downloaded and the havoc it may have wrought on their systems.

But it was Gates' announcement that Microsoft would launch its own free anti-spyware tool that drew a strong response from Symantec CEO John Thompson, who dismissed Microsoft's security efforts.

"We applaud Microsoft's actions but I'm not sure their software is sufficient for large enterprises, and they may be incapable of doing so," Thompson said in a keynote later Tuesday. "No one believes that a single security vendor is the best solution."

Make that almost everybody, John. I suspect some folks in Redmond may feel otherwise.

Going beyond what Thompson said, it's safe to say that most users would prefer Microsoft to focus on improving what goes out the door rather than spend time designing tools to fix problems caused by its own software vulnerabilities. After all, other than persuading Internet rogues to lay down their malicious scripts and embrace goodness, the most effective way to reduce security problems is for Microsoft to upgrade what it ships.

You've got to wonder which is more likely.