Anyone Remember “Security”

An article by Adam L Penenberg on Slate Magazine should refresh everyone’s memories regarding Microsoft and security issues. Penenberg takes the opportunity in his article to remind us of the commitment that Bill Gates promised everyone was job one at Microsoft:

Four years ago, Bill Gates dispatched a companywide e-mail promising that security and privacy would be Microsoft’s top priorities. Gates urged that new design approaches must “dramatically reduce” the number of security-related issues as well as make fixes easier to administer. “Eventually,” he added, “our software should be so fundamentally secure that customers never even worry about it.”

I remember that being the big talk when it happened and was happy that Bill was committing the entire company to that direction. However, as Penenberg goes on to illustrate in his article, I’m not feeling too much more secure now than I was before the e-mail from Gates.

I’m glad Adam takes the time to state that Microsoft isn’t the only guilty company of security breaches. I think the problem that Microsoft really can’t do much about is the fact their so huge and prominent, even a small target on their systems is a HUGE one compared to a larger target on a less popular software or hardware company.

The key is to be an educated and informed user. I’m not real big on avoiding Microsoft products. I think you can enjoy Microsoft’s products and be protected by having a couple of layers of protection and being alert to what needs to be on your mind regarding security:

What can you do to protect yourself? Besides avoiding Microsoft products, one way would be to use substitutes whenever possible. If you run Windows or the upcoming Vista, use a different e-mail program, browser, and/or media player than the ones that come in the box. Stay up to date on patches and anti-virus software. And the next time Bill G. promises to make software that is so fundamentally secure that customers never have to worry about it, ask him what decade he plans to release it.

Deb Shinder at WXPNews has some great thoughts about this topic in her recent e-mail newsletter:

Microsoft and other large software companies have a vested interest in seeing that security vulnerabilities in their products get fixed, but they also have a responsibility to those who use and depend on their products to get work done to “first, do no harm.” That’s why they have entire departments dedicated to responding to security incidents and reports of vulnerabilities, and set procedures for creating and testing patches before releasing them to the public. You can read about the Microsoft Security Response Center (MSRC) process for managing vulnerabilities at http://www.wxpnews.com/rd/rd.cfm?id=060110ED-MSRC. I personally know that there were a lot of people on that team who worked through the Christmas and New Year’s holidays, when many of us were spending time with our families or out partying, to address various security issues that had come back over the holidays.