Microsoft Says Proprietary Software Needs Proprietary Security
from the going-it-alone dept
In the endless cat and mouse game that is computer security, it's common to hear of some worm or exploit (usually targeting a Microsoft product), and then wait for an official patch. However, as we've noted in the past, sometimes third parties can come out with a patch before Microsoft can, which might be expected from a company with their size and bureaucracy. You'd think Microsoft would want to foster this kind of support and community, as these companies are doing their work for them. Instead the company is discouraging use of these fixes. They argue that only Microsoft fixes are guaranteed to work with other applications, and future versions of the software. Here the company should take a cue from the open source community, and the concept of the perpetual beta. People like continuous marginal improvement as opposed to infrequent upgrades that just require more patches. In security, especially, there's never a final fix, just temporary advantages over attackers. If Microsoft succeeds in pushing away third-party security offerings, they'll only strengthen the perception that competing products are safer to use. Update: News.com reports that a recent project to clean up bugs in open-source software went extremely fast, with developers fixing 900 bugs, in 32 pieces of software, over a two week period. While Microsoft isn't going to let developers tinker with their source-code directly, they should do their best to harness the speed of the community in fixing problems.