I've been getting one question a lot these days from readers, friends and colleagues whose PCs have been infected, hijacked or hacked: "When are computers going to get safer?"
Considering the software involved, the query would be better phrased as, "When is Windows going to get safer?"
Microsoft chief Steven A. Ballmer said he was "not dissuaded in the slightest" that the company did the right thing on security.
(Photo Michael Williamson -- The Washington Post)
|
_____Live Online_____
•
Transcript: Rob Pegoraro was online on April 5 to discuss his recent tour of Microsoft's home of the future and his review of two movie downloading services.
|
| |
| | | | ___Personal Tech E-letter___ Washington Post personal technology columnist Rob Pegoraro answers reader e-mail and expands on themes he touches on in his weekly newspaper column. The e-mail version of this weekly feature includes links to the latest gadget and software reviews.
• Click Here for Free Sign-up
• Read E-letter Archive
| | | | | | |
|
The operating system used by more than 90 percent of people is the primary and often the only target for viruses, worms, trojans, spyware and other forms of malicious code.
So what is Microsoft doing about it? It's offering a free CD-ROM with every bug-fix update it has released through last October for Windows 98 and its successors (www.microsoft.com/security/protect/cd/order.asp). It's readying a comprehensive, free "Service Pack 2" update to Windows XP that should ship this summer.
And Microsoft is trying to explain itself better, which is how I wound up sitting down with chief executive Steven A. Ballmer for a 40-minute interview on Wednesday.
After a few introductory questions about how security issues had affected Microsoft's bottom line and Ballmer personally (his family and friends don't like browser hijacking and pop-up ads either), I got to the point: Does the company regret adding any of the product features that have since been exploited so relentlessly?
In a word, no. "It's all a question of point in time," he explained -- Microsoft had customers and competitors to attend to, and security wasn't the biggest priority then.
Take Web browsers, for example. "The browser wars were never about security, the browser wars were about features," Ballmer said, explaining why Microsoft added such items to Internet Explorer as ActiveX software to run Windows programs inside the browser. "I'm not saying that was right, with 20/20 hindsight; all I'm saying is the competitive marketplace took us all in a certain direction."
Was it a bad idea, then, to integrate the browser so deeply into its operating system? "No, no," he said, calling that decision "the only future-looking, forward-looking, sensible thing" the company could have done, considering how much information comes in the Web's HTML format.
The role of security is "now clearer," he said. "But I'm not dissuaded in the slightest that we did the right thing in integrating that technology."
Ballmer, however, left out one important factor in these examples -- how Microsoft added these features. Instead of developing tools no more powerful than necessary for their assigned task, the company built in far more capabilities than needed.
ActiveX programs, for instance, aren't confined to doing things inside a browser window; as browser-hijacking victims have learned, they can make fundamental changes to system configurations. And Internet Explorer's inseparable integration into Windows means -- as the government's CERT computer-security office warned on Thursday -- that it's possible to be attacked just by opening a help file in Windows, since IE is used to display that content.
Microsoft never does things halfway, and I don't mean that as a compliment.
This has taken a toll on usability as well. Consider Ballmer's answer when I asked why Microsoft did not turn on Windows XP's firewall feature by default. Ballmer said the firewall might disable some programs, confusing computer owners.
"We made that decision in the spirit of usability," Ballmer said. Now, priorities are different: "Today's wise usability choice . . . is different from the correct usability choice of two years ago."
Having made these decisions, what's Microsoft doing to secure its software now? Its free update CD is a commendable step. The same goes for the Service Pack 2 update, which should tighten many default settings in Windows XP and make it significantly more secure. "It's our job to make it easy for that customer to stay safe," he declared at the end of the interview, gesturing vigorously.
To meet that goal, the company might also have to build antivirus capabilities into Windows. "I think we're going to have to confront that issue," he said.
Microsoft gets a lot of grief for putting other companies out of business by adding features to Windows. But if virus protection is one of the three critical, canonical ingredients of PC security -- as Microsoft always says in its ads -- then isn't Windows incomplete without it?
Ballmer said that Microsoft would probably add this protection through "behavior blocking," in which Windows warns you if it thinks something squirrelly is about to happen. It's a way to protect users from themselves, he said: "We sort of take the human being out of the loop at the first step. We let the computer software make the first intelligent evaluation."
Whatever Microsoft does will be done on its own. When asked if he saw anything worth imitating in competing products, Ballmer was succinct. "No," he said, calling other companies' work "less sophisticated" than Microsoft's. "There certainly are people we can learn from, but I think we're out in front of the pack."
On strictly technical grounds, that may be true. But for Microsoft to ask its customers to keep buying its products, let alone accept being taken "out of the loop" by them, it needs to show some humility. Saying that it never made any real mistakes will not win back its customers' trust.
When I agreed to this interview, I wondered if I'd hear the sort of "I apologize" statement we heard from former White House counterterrorism coordinator Richard Clarke. I'm still waiting, and I think many other Windows users are too.
Living with technology, or trying to? E-mail Rob Pegoraro at rob@twp.com.
