Microsoft Says Proprietary Software Needs Proprietary Security
from the going-it-alone dept
In the endless cat and mouse game that is computer security, it’s common to hear of some worm or exploit (usually targeting a Microsoft product), and then wait for an official patch. However, as we’ve noted in the past, sometimes third parties can come out with a patch before Microsoft can, which might be expected from a company with their size and bureaucracy. You’d think Microsoft would want to foster this kind of support and community, as these companies are doing their work for them. Instead the company is discouraging use of these fixes. They argue that only Microsoft fixes are guaranteed to work with other applications, and future versions of the software. Here the company should take a cue from the open source community, and the concept of the perpetual beta. People like continuous marginal improvement as opposed to infrequent upgrades that just require more patches. In security, especially, there’s never a final fix, just temporary advantages over attackers. If Microsoft succeeds in pushing away third-party security offerings, they’ll only strengthen the perception that competing products are safer to use. Update: News.com reports that a recent project to clean up bugs in open-source software went extremely fast, with developers fixing 900 bugs, in 32 pieces of software, over a two week period. While Microsoft isn’t going to let developers tinker with their source-code directly, they should do their best to harness the speed of the community in fixing problems.
Comments on “Microsoft Says Proprietary Software Needs Proprietary Security”
Would you guarantee...
You’d think Microsoft would want to foster this kind of support and community, as these companies are doing their work for them. Instead the company is discouraging use of these fixes.
Would you guarantee other people’s work? If I were M$, I wouldn’t want to be liable for work, that people who are not under my control, have done. You could essentially get sued for what some other chump has done.
So even if I didn’t mind it, I would still come out publicly against it.
Re: Would you guarantee...
I think mike Shizzle is on point here. As a software developer I love the idea of open source, but I’m hard pressed to see how many of the big name/big profit software houses (think Microsoft) will ever adopt it or it’s community as a paradigm for improving their product, and I understand completely. The entire idea behind big software houses is produce the mousetrap everyone uses, not necessarily the best mouse trap. In fact, one could argue that fast resolutions to problems will most times hurt a software company because if people have sofware that works well, they’re less apt to buy the new latest greatest version. So in a way, the virus writers are actually propelling microsofts sales because microsoft can promise that the next version of their software will finally “get it right”
Of course, the entire theory above is predicated on the notion that software has to be “just good enough” which in and of itself sucks but it does play into the continued profitability of Microsoft and others.
Re: Would you guarantee...
Would you guarantee other people’s work? If I were M$, I wouldn’t want to be liable for work, that people who are not under my control, have done. You could essentially get sued for what some other chump has done.
Ever read the EULA? Ever talk to a company Microsoft rep?
Microsoft does NOT guarantee their work….to ANYONE.
Patch screws up and wipes out your million dollar database? You can’t sue Microsoft.
Customer support? Well you gotta pay for that too.
When using Open Source, you can have the same guarantees (none) that Microsoft gives you. Faster fixes, better quality, lower prices, lower operating costs AND you CAN get the SAME customer support Microsoft gives you with any one of a number of established and reputable support companies.
Take a look sometimes…ignorance isn’t bliss…
Don't be so hard on it
Mike, I think you’re being rather critical of the machine that is Microsoft. In an enterprise solution, where you have an incredible amount of support from MS, one can’t just install a 3rd party patch and think everything will be OK. Microsoft doesn’t make as much money off of the guy going to Best Buy and buying XP than does say the US AF. It’s just not good business sense to throw away top notch customer service because you can’t wait a few weeks. Hell, most of the time the issues can be stop-gapped by disabling a particular component for a few weeks (if you’re that bent up over the issue). I agree that security is not something achieved once and you don’t worry about it; however, the changes made in a closed source application have many, many ripple effects that aren’t seen by someone closing up one little item–configuration management.
Re: Don't be so hard on it
My apologies, Joe, Mike. It sounded like a “Mike” article.
I’d also like to add that during events known as “bug bashes” microsofties fix well over 900 bugs in two weeks’ time.
“They argue that only Microsoft fixes are guaranteed to work with other applications, and future versions of the software.”
Not even Microsoft can guarantee that its own “tested” patches will work with other applications. I’ve had plenty of problems where a Microsoft patch will break a perfectly legitimate peice of software I needed. I’ve had issues with printer drivers, video drivers, a firewall app, and various other software applications that have been “broken” because I’ve updated Windows with a new patch. Then I either have to roll back the update or wait for the original manufacturer to come out with their own patch to fix their printer or software to Microsoft’s new patch.
Microsoft and Proprietary Security Software
Hello Joe,
A well written article. I particularly like your statement ” People like continuous marginal improvement as opposed to infrequent upgrades that just require more patches.” Truer words were never said. I have always updated my XP software since day one (Oct 2001) and I must admit,virtually all were to fix bugs or security issues. I believe I am well past 200 of them. Now these patches probably included fixes for numerous issues. Although as a SOHO I have never had a problem with XP. But with over 4.5 years of patching and fixing I would not expect to have any.
Microsoft of course requires ‘new versions’ in order to keep the revenues flowing and indeed they do.
Microsoft and Proprietary Security Software
Hello Joe,
A well written article. I particularly like your statement ” People like continuous marginal improvement as opposed to infrequent upgrades that just require more patches.” Truer words were never said. I have always updated my XP software since day one (Oct 2001) and I must admit,virtually all were to fix bugs or security issues. I believe I am well past 200 of them. Now these patches probably included fixes for numerous issues. Although as a SOHO I have never had a problem with XP. But with over 4.5 years of patching and fixing I would not expect to have any.
Microsoft of course requires ‘new versions’ in order to keep the revenues flowing and indeed they do.