Microsoft considers charging users for security

The idea is still only hypothetical, but represents an acknowledgement that Microsoft sees security not just as a necessary condition to reassure existing and future customers, but also as a potential source of revenue.

"Our work was diffuse, but we have quite a few security initiatives," said Mundie, speaking on Tuesday at the RSA Conference on IT security in Paris. "Mike is assessing that. The unit will have inputs into products, marketing, training and other areas."

In presenting Microsoft's trustworthy computing initiative, Mundie defended the company's reluctance to follow through and accept legal responsibility for the security of its products. "If we took that responsibility, say for a big contract at Airbus, I would have to take out a giant insurance policy from Lloyds or another insurance broker, and pay a giant invoice," said Mundie. "The product would then cost not 50 euros, but 50 million."

Legal liability would cost the user greatly he said, and contracts like the one he described were the exact opposite of the normal situation. "In such a situation, the computer must not change, and only technicians could touch it. This is the antithesis of the general purpose mass market business."

Windows runs an arbitrary set of applications, in an arbitrary configuration, with arbitrary devices, said Mundie. "The operating system is designed to run on machines that are not designed yet." While Microsoft could demand that it creates the drivers for all hardware, the industry would not accept that. "Each time we accede to the reality of the industry, we accede to the problem," he said.

Asked why it has taken Microsoft 25 years to get trustworthy computing into the forefront of its efforts, he said: "Because customers wouldn't pay for it until recently." Admitting this was a flippant answer to a flippant question, Mundie said that chief information officers had only recently begun to demand security, and it is only in the last ten years that Microsoft has attempted to play in the security-requiring worlds of banking payroll and networked systems.

• Related stories

• Alerts

Add your opinion

If there's a buck to be made, ...K.Styles (A very,very disgruntled user) -- 09/10/02

If there's a buck to be made, Microsoft will screw you. What a copout saying they couldn't assume the responsibility for security, because it would cost a fortune and/or they couldn't make it a secure product?? Hello!!
How come Linux and BSD don't suffer from security holes and intrusion the way Windows does?
Its just plain lousy design and even worse final product Q&A, just to put the product on the shelf faster, without care or concern for the 100's of thousands of users.
Come on Microsoft......PULL YOUR FINGER OUT ! Oh why bother asking for the impossible. I'm switching to Linux immediately. I've had it with Windows.

• Reply to comment
• Reply to story
• Report offensive content

Cop out? Understatement! MS ac ...Anonymous -- 10/10/02

Cop out? Understatement!

MS actually take responibility for their products? You're kidding! Their EULA expressly excuses them from it, though that may not absolve all responsibility.

As for the bit about Windows being "designed to run on machines that are not designed yet", it's pure fantasy. Please advise exactly how you design for something that not only doesn't exist, but hasn't even been designed!

People don't want to pay for security? Try MS couldn't be bothered to build security into it's products. E.g. auto-run macros in e-mail attachments - sounds cool so let's put it in. Forget that a Word macro can format your hard drive (courtesy of MS). Gee, I wonder how many customers asked for that "secure" feature.

Pure FUD. Bottom line: Microsoft takes no responsibility for the faults in its software.

• Reply to comment
• Reply to story
• Report offensive content

• Just In

• Most Popular

• Most Discussed

Reader Services

Popular Topics

Essentials