Lip Service

Won’t They Ever Learn?

You figure after getting caught red-handed, MS would eat some humble pie and try to work the issues out in public. You’d figure wrong. Microsoft began pressing people who did find security leaks in the software to keep their discoveries under wraps. People who tried to do the right thing and notify Microsoft of such leaks were often made targets of intimidation to keep them quiet. Of course, now that the genie was out of the bottle and Microsoft had been denounced by the US government, people began to feel emboldened and decided it was time to put Microsoft in their place. So, more security leaks were discovered and announced and one by one, dents appeared in the Microsoft armor. Bill Gates had put it all on the line, declaring XP as secure as they came. However, the Microsoft Public Relations machine kept trying to deny and minimize the problem. The stakes were simply too high, and this time, Microsoft lost. Big time.

A New Direction

As many of you now know, Bill Gates, in a stunning reversal, admitted the security flaws in Windows XP and has vowed to refocus the efforts from adding fancy features with flash and sizzle to ensuring that security concerns are put at the very top of the wish list for every program Microsoft creates. New ideas would not be allowed to go forth until they were found not to pose a security risk to the consumer.

If you want to be able to log into to Outlook remotely, you had better be able to show that people could not take advantage of that feature to violate system security. If you could not show that, the feature did not make it into the product. It was supposed to be just that simple. Mr. Gates was coming clean and laying his cards on the table, and we were asked to take him at his word that things were going to be different.

Microsoft has been sending all programmers to a series of Security workshops in order to help train them to make their applications secure. They have been on a media blitz demonstrating just how secure they intend to make things. They have outlined procedures and put forth plans of action, all in a move to convince users that they are indeed being sincere. Even the skeptical people, including myself, were impressed. However, good things do not always come to those who wait.

Two Left Feet

Here we have a new edict from the founder of the company. He has stated clearly that he wants things to change and has expressed publicly that he has been embarrassed by the latest turn of events and wants to change the culture at Microsoft to make them better. When people like me, who tend to be cynical about such things, hear something so profound and passionate from the founder of a company, we want to believe them. We want to hope that they mean it and that things are going to change. Unfortunately, reality often smacks us hard in the face and forces us to wake up from our dream world.

On February 20th of this year, I read a story from the Associated Press that only served to confirm my worst fears. It turns out that Windows Media Player 8, a native XP application that cannot be uninstalled by default, has been tracking the songs and movies that XP users have been playing and sending the information directly to Microsoft since the first day XP was made available to consumers. No mention of this fact was made by Bill Gates during his pro-security, pro-privacy press junket. No mention of this was made in the email he sent to all Microsoft employees and leaked to the press regarding the company-wide refocus on security and privacy. Nope, not a word. Not a single word. Not only that, their reaction is to simply change the wording of their privacy statement to avoid a conflict. They have provided no opt-out information, no way for consumers to stop the transfer of such private data. They have, in essence, said “My bad. You caught us. We’ll fess up to it in our privacy policy, but we won’t stop doing it and we won’t tell you what we do with the data.” How are we supposed to trust these big companies when they keep stepping over themselves like this? Come on Bill!