"Like almost everyone who uses e-mail, I receive a ton of spam every day. Much of it offers to help me get out of debt or get rich quick. It would be funny if it weren't so irritating." -
Bill Gates ("Why I Hate Spam."
Microsoft PressPass 2003)
There are many things a software vendor can do to enhance [microsoft security|security]. If Microsoft® were to take security seriously, here are some of things they would be doing:
- Hold developers accountable by firing those who have caused the biggest security holes in their software - as far as the public can tell this isn't happening
- Fix the 20+ [vulnerabilites] in [Intenet Explorer] as soon as possible
- Put the best spam filter into Microsoft Outlook and/or Microsoft Exchange
- Provide automatic file encryption in every product
- Remove parts of the [EULA]s that absolve Microsoft of accountability - if Microsoft believes security is important and they're doing everything they can to make [Microsoft software] secure, show sincerity by paying for it when making mistakes and costing customers money.
- Give away robust firewall software for free - not just for the latest version of Microsoft Windows, provide it for past versions for users who don't want to upgrade
For as long as Microsoft does not do at least these things their rhetoric about security can not be taken seriously.
JupiterResearch has published a report titled "Security: How IT Managers' Ranking of Microsoft Affects Software Purchasing Decisions." "The report questions whether Microsoft has ignored priorities that matter more to IT decision makers than security, such as cost and interoperability. Interestingly, IT decision maker's view of Microsoft security changes based on whether using Windows or other operating systems, but not among different versions of Windows. Bottom line: The report concludes that customers don't see much improvement in security, either because the differences aren't significant or IT decision makers have yet to realize what the improvements are." (Wilcox, Joe. "Two New Microsoft Monitor Reports: Security, Licensing."
Microsoft Monitor Weblog 14 May 2004)