Microsoft Makes Security Pledge — Again

You IT professionals can stop worrying now. Your security woes will soon be a thing of the past.

Normally I hesitate to express such unbridled optimism, but earlier this
week the chairman of the World’s Most Important Software Company looked an
auditorium full of IT security professionals in the eye and solemnly assured them that “security is the most important thing we’re doing.”

And this time he really means it.

That, of course, is the problem: IT pros have heard this from Bill Gates and
Microsoft many times before, usually soon after Microsoft had taken a
pounding for problems caused by hackers and virus writers exploiting the
numerous security holes in the company’s software, particularly its Internet
Explorer browser. Yet the nuisances infiltrating networks and computers
through Microsoft products grow each year.

Indeed, it’s no accident that Microsoft is mounting another security PR
blitz now, for the company is trying to reverse the steady loss of IE’s
browser market share to Mozilla’s Firefox 1.0. The latest numbers from the
Web analytics firm WebSideStory show that the free, open-source Firefox
browser — released early last November by the nonprofit Mozilla
Foundation — was nearing 5 percent of the browser market share in January.
That’s about 16 million users. Explorer’s market share, meanwhile, has
slipped below 91 percent for the first time in three years.

While it might not sound like much — and the Mozilla folks say they’re only
shooting for 10 percent market share — that 5 percent can turn into 25
percent in a couple of years if enough people are motivated to make the
switch from IE. There are serious implications for Microsoft once more
Web sites re-architect so they can work with non-Microsoft browsers. This
migration toward open standards has already begun.

As part of the effort to shore up user confidence in Microsoft’s software,
Gates had the splendid opportunity of giving the opening keynote speech at
this week’s annual RSA conference in San Francisco, arguably the most
high-profile IT security event. I wasn’t there, but by all accounts I’ve
heard from those in attendance, it was a desultory address given to a
decidedly underwhelmed audience of IT security pros. The word “boring” came
up more than once in describing Gates’ keynote.

In terms of substance, Gates told attendees the next version of IE will
feature additional levels of security to combat spyware, viruses and
phishing scams. The Microsoft founder also revealed plans to create a
virtual network of victims — that is, users — who will report on what code
they downloaded and the havoc it may have wrought on their systems.

But it was Gates’ announcement that Microsoft would launch its own free
anti-spyware tool that drew a strong
from Symantec CEO John
Thompson, who dismissed Microsoft’s security efforts.

“We applaud Microsoft’s actions but I’m not sure their software is
sufficient for large enterprises, and they may be incapable of doing so,”
Thompson said in a keynote later Tuesday. “No one believes that a single
security vendor is the best solution.”

Make that almost everybody, John. I suspect some folks in Redmond may
feel otherwise.

Going beyond what Thompson said, it’s safe to say that most users would
prefer Microsoft to focus on improving what goes out the door rather than
spend time designing tools to fix problems caused by its own software
vulnerabilities. After all, other than persuading Internet rogues to lay
down their malicious scripts and embrace goodness, the most effective way to
reduce security problems is for Microsoft to upgrade what it ships.

You’ve got to wonder which is more likely.
