Microsoft chooses security to increase consumers’ trust in computers, writes David Shapshak
The computer world entered a new era last week, if Bill Gates is to be believed, when the Microsoft boss announced that “trustworthy computing” is now the “highest priority for all the work we are doing”.
It couldn’t come any sooner for beleaguered computer users, who are all too accustomed to virus attacks and the fear of their privacy, identity and financial safety being compromised on the Internet.
Gates sent out a rare “memo” by e-mail to his staff last week priori- tising security. “When we face a choice between adding features and resolving security issues, we need to choose security. Our products should emphasise security right out of the box. We must lead the industry to a whole new level of trustworthiness in computing.”
Reliability and security are two issues that have repeatedly dogged Microsoft’s operating systems (OS) and other products.
Gates’s e-mail is considered an epiphany by the computing industry and the press because of its rarity and because such pronouncements usually presage new ventures that Microsoft will devote itself to.
It might be a bit much to say that the e-mail has provoked a kind of state of the nation analysis of the computer industry as a whole, but any news is better than the bad news of late.
Last year the global IT industry was limping after two years of sustained economic downturn, slowing computer sales, the detritus of the dotbomb fall-out and the general lack of confidence in what was once a high-flying industry.
Although the computer industry’s global shipments shrank 4,6% last year the first time it has done so since 1986 according to research firm Gartner Dataquest, Microsoft had record earnings of $7,74-billion for the final quarter. This was an 18% increase over the $6,55-billion reported the previous year.
Microsoft had a good quarter, on the back of its new OS release in October (Windows XP), a new productivity suite (Office XP), a new gaming device to compete for the home platform dominated by Sony’s PlayStation 2 (the Xbox), and MSN 7 (its Internet-based browser for using its Internet portal, MSN).
But users are not very “error tolerant” when their PCs give them trouble, not least of which when they have to interpret the highly codified, acronym-heavy language that the computer industry uses. Even the built-in help functionality of Windows XP can’t solve all the problems, nor convince users they are getting a better deal for their upgrade money.
Gates says as much in his e-mail: “As software has become ever more complex, interdependent and interconnected, our reputation as a company has in turn become more vulnerable. Flaws in a single Microsoft product, service or policy not only affect the quality of our platform and services overall, but also our customers’ view of us as a company.”
Blaming Microsoft for an e-mail virus or an Internet problem may not be the first association most ordinary users have, but it is, in fact, the Redmond giant’s software that has allowed for the kind of virus epidemics witnessed in recent years.
Two of the most destructive virus variants, known as worms, to date were last year’s Code Red and Nimda and they exploited vulnerabilities in Microsoft’s Internet Information Server software. Additionally, many viruses propagate themselves using the ubiquitous Outlook and Outlook Express e-mail programs, such as the Melissa and LoveBug viruses of 1999.
Many are carried in the coding language of Microsoft Word and are increasingly sent as e-mail attachments although Microsoft can’t be blamed for such bad netiquette, or the etiquette of using the Internet, where those in the know send only plain text, not HTML, messages and never send attachments.
But Microsoft has been repeatedly hacked for years on end. Last month a serious flaw was revealed in its flagship Windows XP operating system which has been touted as the most secure and reliable ever. In November a flaw in Microsoft’s Passport authentication protocol allowed access to secret financial data stored in an e-commerce buying service, Wallet. Recently there was a glitch with its Windows Update service. Other flaws have been exposed over the years in Internet Explorer, IIS, Outlook and Outlook Express.
Microsoft claims, with some veracity, that it is the target of malicious hackers who want to see its downfall or embarrass it. Other industry leaders have said that because of its prominence it attracts much more flak. Some technies even think Microsoft deserves it for writing what they call “bloatware”, or large and inefficient programs that do too many things and need massive amounts of hard-drive space.
Be that as it may, with the flak comes the revelations, bad press, poor public opinion and general lack of trust.
Microsoft has never been known to get it right on the first attempt. The first releases of new OSs and software are renowned for being bug-ridden and problematic, requiring numerous releases of “patches” to solve them. These are then bundled in “service packs”. Service Release 1 for Office 2000, for instance, is 27 megabytes, while the second one is 250 megabytes. That’s a lot of patches.
Gates’s new enthusiasm for trustworthiness might signify that Microsoft plans to get it right first off, instead of in subsequent incarnations, as has been the case in the past. One reviewer said XP was intended for Windows 2000 but Microsoft didn’t have time to complete it and it was still buggy.
However, over the past few years Microsoft has launched itself in another direction. From being the maker of desktop-computer software, it embraced the Internet scooping majority market share from Netscape’s Navigator browser, before turning its attention to the instant messaging and media-playing software add-ons and making them a part of the OS, as in XP moving towards Internet services that can run across multiple computing platforms.
Windows CE (consumer electronics) was a hopeless flop in its first version, but subsequent versions now branded Pocket PC, in collaboration with key hardware manufacturers such as Compaq’s iPaq and HP’s Jornado are scooping up market share in the ever-growing hand-held arena.
Gates has been punting a new Tablet PC, a kind of laptop monitor without a keyboard, that is a full-functioning machine. Claiming he already uses it as his “everyday computer”, he predicted that within five years “it will be the most popular form of PC sold in [the United States]”.
At the Consumer Electronic Show in Las Vegas earlier this month, two new initiatives had tongues wagging Mira, a wireless home technology platform, and Freestyle, which promises a TV remote-like device for turning computers into home entertainment centres that can download and watch movies, edit them or be a digital hi-fi.
But central to all of this is the much-vaunted .NET strategy, that will tie it all together. It will allow users to store crucial personal information (from your name and e-mail address to contacts book and diary) online, as well as financial data (such as credit card or electronic wallet systems) and provide online authentication. Instead of registering at several online merchants (such as Amazon.com or Pick’nPay.co.za) you do it once through Microsoft, which will then verify your identity and financial standing when you want to pay. You will also be able to access your diary, e-mail et al from multiple devices. These include your hand-held personal digital assistant, next generation of mobile Internet-enabled cellphone or any of the other Tablet PC or Mira devices.
But as Gates points out in the first paragraph of his e-mail: “Over the last year it has become clear that ensuring .NET is a platform for trustworthy computing is more important than any other part of our work. If we don’t do this, people simply won’t be willing or able to take advantage of all the other great work we do.”
His fiercest critics including computer industry bigwigs think not. Their key concern is that Microsoft does not use open standards, where the programming is made freely available and adapted, for instance, by the thousands of computer programmers who have worked on the alternative operating system Linux, adding and subtracting to make it more robust. As a result Microsoft’s “closed” technology is not open to the techie equivalent of academic peer review. The only way to know it works is if Microsoft says so, while scientists publish their findings and methodology for their colleagues to review and test before it is judged.
Gates is blunt about the status quo. “No trustworthy computing platform exists today. It is only in the context of the basic redesign we have done around .NET that we can achieve this.”
With any luck, his e-mail is the epiphany some have called it. Maybe we’re about to see a new era of computing. Let’s hope Microsoft gets it right the first time this time round.