Pass the Crow, Please

Did I say Redmond wasn’t serious about security?

• By Em C. Pea
• 04/01/2002

You faithful readers already know that this gal’s been a wee bit skeptical of Microsoft’s commitment to security in recent years. Some rude people might even say that a bit of cynicism has crept into these columns (I prefer to think of it as realism). But now there’s a new development that’s hard for this IT maven to easily dismiss: Bill Gates has stepped into the security arena personally.

In case you missed it, Bill G. sent around one of his occasional all-hands memos in mid-January, exhorting the masses at Microsoft to devote their efforts to Trustworthy Computing. Of course, the memo was promptly leaked to the press, which is how we know that he’s promoting that concept with Important Capital Letters. Naturally, this brought the professional Microsoft-watchers out of the woodwork. Some airily dismissed the memo as a PR stunt, written only for leakage. Others, such as the normally savvy Bruce Schneier (of Counterpane Internet Security), seized the opportunity to ride their own hobby-horses a few more times around the track; Schneier says Microsoft can’t succeed unless it opens its code to peer review and public scrutiny. As if Bill didn’t already have more than enough smart developers on the payroll to peer review any code to death without sending it off-campus. Still others have said Microsoft will try and fail, or that it won’t even try, or that it can’t afford the costs of making its products secure.

Surely you’ve heard the expression that those who cannot remember the past are condemned to repeat it. Or in this case, those who cannot remember the past are condemned to misinterpret the future. Let’s think about some of the other times that Bill has pointed the Microsoft juggernaut in a new direction, shall we?

In the early 1980s, Microsoft was doing well with MS-DOS as its operating system. A complacent company might have remained there at the command prompt. But, no, Windows became the new strategic direction for the company. It didn’t run real well on the hardware of that era, but that didn’t matter; soon every part of Microsoft was making software for Windows.

In 1995, Microsoft—or more precisely, Bill Gates—noticed the Internet. There was one of those memos telling everyone that this was The Future for the company. And, lo, did many things come to pass, from Internet Explorer to HTML Help to MSN. You can argue that not every Internet initiative from Microsoft has been a success, but it’s clear that—with a big push from above—the entire operation turned in a new direction.

And now, Trustworthy Computing. Sure, it’s possible that this one won’t pan out, but I find it hard to dismiss. Auntie has visited some of the folks in Redmond (with Fabio’s fresh chocolate chip cookies in hand), and she knows that these memos don’t come down the e-mail pike every day. Don’t underestimate Microsoft’s developers. They’re smart cookies (even if they’re not chocolate chip) and when they’re told to concentrate on security, you can be sure they’ll take the problem seriously.

Golden Age? Hardly. Turning over a new corporate leaf? Sure looks that way. More secure products? Wait a year to be sure, but Auntie says, yes.

And now if you’ll excuse me I need to get out the silverware and some salt.