Microsoft security center
There has been much ado lately over the Microsoft Security Center in their new operating system, Vista. The Security Center was introduced in service pack 2 for Windows XP, so it has been around a while. Microsoft intends to take the Security Center to the next step in Vista as part of their Secure Computing initiative.
I applaud this. Windows is suffering from the double whammy of immense popularity and a historical code-base that focused on features first and security a distant third. Windows is famously insecure because of the historical code and not so historical software development practices. Windows Vista is several years late thanks to rethinks on the part of Microsoft to try and get it right this time.
They're still a long ways off, and they admit this. Their ultimate goal is the operating system after Vista, with Vista being the transitional phase to the secure platform. In my opinion it'll probably 2012 before we see that operating system and a lot can change in the mean time.
Microsoft is facing an exceedingly difficult challenge right now. They have a historical product that sets expectations for how things will operate. They have an immense range of software developed for the Windows platform as it exists right now that needs to run reasonably well on Vista when it comes out. They need to make Vista much more secure than any of the previous Windows. They need to allow the end-user to do things that they've become accustomed to with Windows. Most of all, no one in the history of computing as done all of that before so they are breaking new ground.
The Security Center made the news twice in the past week. First some European Union commission told Microsoft that they need to de-bundle the Security Center to allow European security companies to continue to offer products that fill that niche. Second, Symantec and McAfee have issued statements, likely inspired by the EU statement, to identical effect. I expect the big OEMs, Dell, HP, and Gateway, to also issue statements to that effect for economic reasons. The OEMs because they can get a kick back from Symantec or Dell if they install their product instead of Security Center on PC's they ship to customers; all with obligatory free trial periods of 60/90/120 days.
The reason these companies exist in the first place is because past versions of Windows have been so horribly broken. Now that Microsoft is making the attempt to fix that, these companies are crying 'Monopoly!' as a major hunk of their business is (potentially) lost due to Microsoft's not-very-sudden adoption of the 'security first' principle. This is a good citizen practice that we need to encourage, not the same thing as bundling Media Player with Windows. Security is not a value-add like Media Player, it's a base expectation like being able to access a newly installed hard-drive.
Forcing Microsoft to pry open security just to protect companies that have grown up to fill that niche is protectionism pure and simple. I expect that from the EU. I expect that from McAfee and Symantec thanks to pure business interest and potential loss of business. A very expected reaction of private capitalist enterprise. They're both wrong from ethical standpoints.
Microsoft is not going to stop viruses and malware with Vista. Any operating system that commands over 80% of market-share will face that problem. If Macintosh got that popular, Mac would be the #1 target of viruses and malware, smug advertising not withstanding. If Linux got that popular you'd see the same thing. Microsoft faces this problem largely due to their market position, and it's just the poor engineering that went into previous Windows versions that makes such grey and black market activity easier. And not coincidentally, drives significant economic activity to plug the holes the bad-ware writers exploit.
One of the most frequently cited reasons for why Microsoft shouldn't be mandating security like this, besides the protectionist ones of course, is because their history is so bad. Microsoft has spent a lot of time trying to get it right, and we haven't had a chance to see what their version of 'get it right' looks like. It won't be perfect, they've said as much themselves. They're still working on the usability/security problem, as the betas of Vista have proven. SP1 of Vista will probably fix a whole range of user-interface usability problems that real-world testing will illuminate once Vista ships and everyone from mom, to small business, to IBM try to deploy it in some way. This move will be as dramatic a change as the move from Windows 3.1 to Windows 95 was over a decade ago.
Microsoft needs to do this. Claims of economic expediency for them not taking such a hard line on security are from people who haven't taken a solid look at the whole picture. The aptly named, 'Broken Window Fallacy,' covers this quite well. All the resources spent by third parties to keep Windows secure is economic inefficiency. That's industry wasted that could have been used elsewhere. Microsoft doing it right from the first means a drag on innovation in the IT industry can be removed. That benefits us all.
I applaud this. Windows is suffering from the double whammy of immense popularity and a historical code-base that focused on features first and security a distant third. Windows is famously insecure because of the historical code and not so historical software development practices. Windows Vista is several years late thanks to rethinks on the part of Microsoft to try and get it right this time.
They're still a long ways off, and they admit this. Their ultimate goal is the operating system after Vista, with Vista being the transitional phase to the secure platform. In my opinion it'll probably 2012 before we see that operating system and a lot can change in the mean time.
Microsoft is facing an exceedingly difficult challenge right now. They have a historical product that sets expectations for how things will operate. They have an immense range of software developed for the Windows platform as it exists right now that needs to run reasonably well on Vista when it comes out. They need to make Vista much more secure than any of the previous Windows. They need to allow the end-user to do things that they've become accustomed to with Windows. Most of all, no one in the history of computing as done all of that before so they are breaking new ground.
The Security Center made the news twice in the past week. First some European Union commission told Microsoft that they need to de-bundle the Security Center to allow European security companies to continue to offer products that fill that niche. Second, Symantec and McAfee have issued statements, likely inspired by the EU statement, to identical effect. I expect the big OEMs, Dell, HP, and Gateway, to also issue statements to that effect for economic reasons. The OEMs because they can get a kick back from Symantec or Dell if they install their product instead of Security Center on PC's they ship to customers; all with obligatory free trial periods of 60/90/120 days.
The reason these companies exist in the first place is because past versions of Windows have been so horribly broken. Now that Microsoft is making the attempt to fix that, these companies are crying 'Monopoly!' as a major hunk of their business is (potentially) lost due to Microsoft's not-very-sudden adoption of the 'security first' principle. This is a good citizen practice that we need to encourage, not the same thing as bundling Media Player with Windows. Security is not a value-add like Media Player, it's a base expectation like being able to access a newly installed hard-drive.
Forcing Microsoft to pry open security just to protect companies that have grown up to fill that niche is protectionism pure and simple. I expect that from the EU. I expect that from McAfee and Symantec thanks to pure business interest and potential loss of business. A very expected reaction of private capitalist enterprise. They're both wrong from ethical standpoints.
Microsoft is not going to stop viruses and malware with Vista. Any operating system that commands over 80% of market-share will face that problem. If Macintosh got that popular, Mac would be the #1 target of viruses and malware, smug advertising not withstanding. If Linux got that popular you'd see the same thing. Microsoft faces this problem largely due to their market position, and it's just the poor engineering that went into previous Windows versions that makes such grey and black market activity easier. And not coincidentally, drives significant economic activity to plug the holes the bad-ware writers exploit.
One of the most frequently cited reasons for why Microsoft shouldn't be mandating security like this, besides the protectionist ones of course, is because their history is so bad. Microsoft has spent a lot of time trying to get it right, and we haven't had a chance to see what their version of 'get it right' looks like. It won't be perfect, they've said as much themselves. They're still working on the usability/security problem, as the betas of Vista have proven. SP1 of Vista will probably fix a whole range of user-interface usability problems that real-world testing will illuminate once Vista ships and everyone from mom, to small business, to IBM try to deploy it in some way. This move will be as dramatic a change as the move from Windows 3.1 to Windows 95 was over a decade ago.
Microsoft needs to do this. Claims of economic expediency for them not taking such a hard line on security are from people who haven't taken a solid look at the whole picture. The aptly named, 'Broken Window Fallacy,' covers this quite well. All the resources spent by third parties to keep Windows secure is economic inefficiency. That's industry wasted that could have been used elsewhere. Microsoft doing it right from the first means a drag on innovation in the IT industry can be removed. That benefits us all.
posted by Corwin at 8:55 PM
0 Comments:
Post a Comment
<< Home