[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Friday, 27 February, 2004, 12:25 GMT
Trusting Microsoft over security
Security is at the centre of what they do now, says Microsoft. But how can we be sure, asks technology analyst Bill Thompson.

David Aucsmith is Microsoft's security architect, and he came to London this week to ask forgiveness for his company's former sins.

Microsoft chief Bill Gates
Microsoft is starting to take security seriously
Speaking to an audience of senior police officers and security professionals at the E-Crime Congress, he admitted that when Windows 95 was released to the world it came with no security features at all.

I was not there, so I do not know if there was a gasp of surprise, but I doubt it somehow.

We all knew this, after all - it was just unusual to hear a senior Microsoft person admit it.

It is worth being clear about just what that means, because if you say it fast enough - as I am sure Mr Aucsmith did - it sounds like a minor admission of error from a time before the world turned nasty, a rational decision made by a company that gave users what they wanted from desktop computing.

Early worm

Microsoft admits that it did not think about protecting users from hackers, viruses, worms and other malware. It did not worry about keeping personal data safe, or personal computers secure.

Yet the world was hardly safe in the early 1990s, at the time Windows 95 was being designed and built by Microsoft's developers, including the great software architect himself, Bill Gates.

There were viruses.

The first documented computer virus, the Elk Slammer, was released in 1981 and infected the Apple II, the most popular computer of the time.

Bill Thompson
Microsoft's lack of security has become an issue, and one that could damage their commercial success, so they are trying to do something about it
By the mid 1990s there were thousands of them, and most attacked DOS and Windows.

There were worms, beginning with the Morris Worm in 1986 and continuing to this day.

And there were hackers and trojans and denial of service attacks and all the other problems we see today.

There was also a lot of concern about security.

Back in 1993 I was teaching computer security to the Inland Revenue and showing them how to make Unix systems less vulnerable to attack, and they were far from unusual in caring about IT security.

Even back then, most commercially-used Windows PCs were networked, and Microsoft surely knew that they would be.

There had been third-party network software for DOS and Windows for years, programs like PC/TCP and Chameleon, and early versions of Windows supported networking through Windows for Workgroups.

Now, however, Microsoft takes security very seriously indeed. Just as Mr Aucsmith was making his confession and seeking absolution from the e-crime experts, Bill Gates stood up at security conference in San Francisco to show the new features in Windows XP that will help protect users.

They include a better firewall, more control over potentially malicious web pages and an easy-to-find Security Center. All will be part of the XP service pack, and Mr Gates wants every Windows user to download and install it.

Change of heart

We do not have to look far to see why the company has changed its approach.

In his speech, Mr Gates noted that, "today the one real question mark that exists is will the network be reliable enough, protecting information so that people feel that their privacy is preserved?

"Will they be willing to use e-mail and avoid the spam, and will their computers be reliable and not subject to these attacks?"

Getting security right did not matter to Microsoft when users did not seem care about it, but it matters now because it could give individuals, organisations and governments a reason to move from Microsoft's operating system to another, whether Mac OS or a Unix variant.

And if Microsoft no longer provides the operating system, everyone has far less reason to buy their application software, even if it would run on top of the alternative platform.

There are good reasons why Unix - and Mac OS, which is now built on top of a version of Unix - is more secure and less prone to virus attack than Windows.

Computer virus
Viruses plague computer users
Perhaps the most significant is that Unix was designed from the start as a multi-user system on which files and programs belonging to different people would need to be kept separate from one another, and this gives it a security model which has evolved to meet new challenges.

But this also provides a model which Microsoft can emulate in its new releases of Windows, under development today.

In other places, and at other times, I have argued for governments to step in and regulate areas of online activity. I would like to see more control over what search engines do, and more understanding of how content can be regulated.

But this is an example of how the market can work, and how the free flow of information can help the process.

Microsoft's lack of security has become an issue, and one that could damage their commercial success, so they are trying to do something about it.

Of course, if Microsoft is willing to admit that it just ignored all of the known threats and built a completely open system back in 1995, we may want to ask ourselves what sorts of confession we can expect about Windows XP in 10 years time.

Bill Thompson is a regular commentator on the BBC World Service programme Go Digital.


The BBC is not responsible for the content of external internet sites


News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
UK | Business | Entertainment | Science/Nature | Technology | Health
Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
Americas Africa Europe Middle East South Asia Asia Pacific