Would you pay Microsoft to protect Windows?

Michael Warrilow, director of Sydney-based analyst firm Hydrasight, believes Microsoft is in a 'catch 22' situation because enterprises will not want to pay for products that are designed to protect them from failings in Microsoft's other products.

"They talk about trustworthy computing but if you can trust them, should you need to have these new [security] products anyway? I don't think they are ready to trust Microsoft in this space yet. They are going to continue to trust companies like Symantec and McAfee," said Warillow.

James Turner, security analyst at Frost & Sullivan Australia, said that companies do not really want to pay for anything, but he believes Microsoft will be able to provide a compelling financial argument for using its own anti-virus and anti-spyware solutions.

"No one really wants to pay for anything, but that's commercial reality: Microsoft isn't a charity. Not many organisations have the internal resources to replicate this style of service as cost effectively as Microsoft will be able to," said Turner.

Microsoft Australia's chief security advisor Peter Watson told ZDNet Australia  that buying security products -- such as anti-virus and anti-spyware -- are like adding optional extras to a car.

"Like cars, some components are now standard and others are offered as a value-add... Microsoft's recent announcements are on products that are proactively preventing existing -- and able to help mitigate -- future vulnerabilities," said Watson.

Watson argues that the new products are only a small part of Microsoft's overall security strategy, which also focuses on improving the general security of its non-security portfolio and educating its users.

"An ever increasing amount of security capability and functionality is delivered by Microsoft as standard... Microsoft is one of Australia's leading providers of security education... Microsoft delivers these services at no or little cost to consumers, education institutions, small enterprises, business, government, law enforcement and academia," said Watson.

However, Hydrasight's Warrilow believes that the whole argument is about trust and he does not believe Microsoft has yet demonstrated that customers can trust it with their security.

"This is definitely to do with trust... It will be interesting to see how enterprise customers play that. Does Microsoft think security is a growth market for them -- I don't think it will be," added Warrilow.

• Related stories

• Alerts

Add your opinion

ahh Anonymous -- 13/10/05 (in reply to #120121968)

i was thinking seatbelts

• Reply to comment
• Report offensive content

Microsoft Protection Bruce White -- 14/10/05

I think it's a sham for Microsoft to sell you a product for a considerable sum and then turn around and have the nerve to want you to pay them to protect it.Ought to be a free service out of respect and maintenance for their own products.Grrrrrr

• Reply to comment
• Reply to story
• Report offensive content

Pretty Ballsy Really JS Perry -- 14/10/05

They would indeed have reason not to fix (if they ever did other than ad "features") their OS. As a matter of fact they would have every reason to encourange Mal Ware authors to propogate. Get Real Microsoft. You are driving me away.

• Reply to comment
• Reply to story
• Report offensive content

Pay for MS security? eric pihl -- 14/10/05

What a warvellous opportunity - for Linux.
Cheers
"septus"

• Reply to comment
• Reply to story
• Report offensive content

Trusting Microsoft Security Anonymous -- 15/10/05

I asked to participate in the Microsoft One Care Beta Program and was accepted. Once accepted, I was hesitant to load the software because I did not know how it would interact with my other installed software, both applications and security software. Today, before I opened the package, I wrote to the Beta site and told them that I was concerned about loading there Beta software with my other software. I got a response that they may be to busy to answer and check the Beta chat data bases. I did not and proceeded with installing their cd. The first thing it tells you is to uninstall your security programs (anti virus and I think firewall, but I cannot remember) before installing the Beta. I wrote back to them telling them I was unwilling to run my computer based on beta security protection and that none of any of my other software, security or applications, asked me to uninstall any product before I installed theirs.

• Reply to comment
• Reply to story
• Report offensive content

hmmm. Garry -- 21/10/05 (in reply to #120122085)

I think that's why they call these things Beta. It's for testing not for whole scale use.

And no I would trust Microsoft to protect there OS if they can't write it securley in the first place.

• Reply to comment
• Report offensive content

Paying MS for repairing faulty software! Anonymous -- 16/10/05

What a disgrace. Microsoft seem to be riddled with "buffer overflow " errors and really thie software is very poor in the security departmnet except their new "Windows Advantage" which really should be called "For microsoft's Advantage".
As someone else has said fancy buying a car with faulty brakes and then having to pay to have them repaired/upgraded to make them safe.
Some of this MS sofware is used in "mission critical" envirenments and really cannot be allowed to be so susceptble to falling over.
They need a humungous class action to make them take notice.

• Reply to comment
• Reply to story
• Report offensive content

Only M$ can get awy with it Terry -- 17/10/05

No other industry can/would get away with such blatant arrogance and distain for their customers especially with critical operational environments.
Imagine medical equipment being allowed to be sold with know faulty instrumentation - some Govt department would have it jerked from sale so quick.
No M$ stop putting your hand in my waqllet for continious supplies of $$$ to fix your *&%^ups.

• Reply to comment
• Reply to story
• Report offensive content

Would you pay Microsoft to protect Windows? Anonymous -- 18/10/05

As someone else posted..."In a word, no!"

By the way, I believe there's legislation somewhere that prohibits such action. Isn't there?

For instance, people like you and I would be jailed 'pronto' if we tried a scam like this... Wouldn't we!???

• Reply to comment
• Reply to story
• Report offensive content

Money well spent for MS at least... Brad Leigh -- 20/10/05

Least MS made the 'innovative' use of the 2 companies they bought out. Namely Giant Company Software (anti-spyware) and GeCAD software (Anti-virus). What a joke.

Don't be conned - tell non IT people not to buy it or they'll go blind.

Check out their patent applications - if it wasn't so serious it would be a joke.

• Reply to comment
• Reply to story
• Report offensive content

Like mafia! Anonymous -- 21/10/05

This is like when a bunch of muscle man came to your shop and tell you, we can protect you if you give us some money...
Why people should pay them to "solve" (i seriously doubt that is going to solve anything) the problems THEY created?

I rather move to another ship, as i did.

Regards from my GNU/Linux Debian system,
An ex-MSWindows-user

• Reply to comment
• Reply to story
• Report offensive content

Something to think about Micah LaCombe -- 22/10/05

I doubt seriously, anyone who has commented so far has helped develop applications with the complexity and scale that microsoft has done so far. Its easy to cast a stone but its much more time consuming to form an educated opinion based on research instead of personal prejudice.

It is true that microsofts leading edge has kept them in hot water for years, but from a business perspective its proven more profitable for them to release products early and fix them later.

The real question is what impact this has on the end consumer. On the one hand you may be quick to feel as if your being cheated with an incomplete product, but on the other hand this process of releasing early actually speeds the integration of new technology and helps spur new ideas that coincide directly with those technologies.

With the enormous growth of the internet, and the exponential increase in application complexity, Microsoft now needs to reconsider their model, and this is exactly what they are doing.

None of your software has ever been buy-once and last for ever (the same for your hardware). It gets outdated, and you purchase an upgrade (I'll assume you pay for these sorts of things) and that process has just been speed up tremendously due to the emerging trend of an ever connected environment.

Your not paying them to "protect" you, the idea is to pay them to "upgrade" your software on a recurring schedule. You know you need the updates/upgrades and the truth is without them your going to be left at a real disadvantage.

Would I pay perhaps 5 or 10 dollars a month to help increase the efforts being put on keeping my operating system safe and secure from hackers? you bet I would... those few dollars a month cost me far less than experiencing downtime and or losing important data. If your computer is an essential part of your lifestyle and especially your career, own up to the reality of the situation and find a few bucks in your pocket to help make windows a better product.

If you really want to argue about paying for something, I'll leave you with a fun one to do some personal debating on: insurance!

• Reply to comment
• Reply to story
• Report offensive content

Something to think about Micah LaCombe -- 22/10/05

I doubt seriously, anyone who has commented so far has helped develop applications with the complexity and scale that microsoft has done so far. Its easy to cast a stone but its much more time consuming to form an educated opinion based on research instead of personal prejudice.

It is true that microsofts leading edge has kept them in hot water for years, but from a business perspective its proven more profitable for them to release products early and fix them later.

The real question is what impact this has on the end consumer. On the one hand you may be quick to feel as if your being cheated with an incomplete product, but on the other hand this process of releasing early actually speeds the integration of new technology and helps spur new ideas that coincide directly with those technologies.

With the enormous growth of the internet, and the exponential increase in application complexity, Microsoft now needs to reconsider their model, and this is exactly what they are doing.

None of your software has ever been buy-once and last for ever (the same for your hardware). It gets outdated, and you purchase an upgrade (I'll assume you pay for these sorts of things) and that process has just been speed up tremendously due to the emerging trend of an ever connected environment.

Your not paying them to "protect" you, the idea is to pay them to "upgrade" your software on a recurring schedule. You know you need the updates/upgrades and the truth is without them your going to be left at a real disadvantage.

Would I pay perhaps 5 or 10 dollars a month to help increase the efforts being put on keeping my operating system safe and secure from hackers? you bet I would... those few dollars a month cost me far less than experiencing downtime and or losing important data. If your computer is an essential part of your lifestyle and especially your career, own up to the reality of the situation and find a few bucks in your pocket to help make windows a better product.

If you really want to argue about paying for something, I'll leave you with a fun one to do some personal debating on: insurance!

• Reply to comment
• Reply to story
• Report offensive content

Stop stealing air! Graeme Thorne -- 25/10/05

Dammed if do and dammed if you don’t. People have chastised MS for years about responding to the needs of market, with so many wants they’re never going to deliver on them all. Whilst delivering amazing functionality they have historically done this at the cost of security. People overlook the fact that MS OS’s have rarely been treated with the reverence that of Unix and have not enjoyed the same rigor of management practices. If they had maybe things wouldn’t have been so bad. The threat landscape of Windows has come largely about the popularity and ubiquity of the platform and its feature rich environment, a fact highlighted in Peter Szor’s book ‘The Art of Computer Virus Research and Defense’.

Do you seriously believe that MS cannot charge for security? Just think back to the netscape / IE antitrust case. For now, MS will need to charge for their premium consumer and business security offerings, however later who knows.

An entire industry has been built on the insecurity of the MS platform, can you imagine the number of businesses that would become unviable if MS where offer total ‘free’ security solutions out of the box. MS know this and are dependant on these third parties to round out the capability of their solution offering. How many Linux vendors are one-stop shops? None – they all rely on third parties to deliver the complete solution.

When you really look at Linux it’s no where as secure as Microsoft’s latest OS – Windows XP SP2 and Windows 2003 SP1, even Gartner support that fact. In fact Gartner have openly said that an unmanaged Linux installation today is not secure enough to meet the computing needs of business and consumer alike. I support this fact with distro’s like Mandiva, RedHat ES, Fedora, Debian, and Ubuntu all require a level of securing out of the box. The more functionality these distributors enable out of the box the more securing is required – a fact of life regardless of the software. Linux may have included several security features over the years, including IP tables, IP filters built into the kernel, however what about a robust memory resident, behavioural based AV engine? You have to buy one, ClamAV is signature based and does not cut the mustard – sorry!

Don’t get me wrong, I love Linux for the right application but it’s certainly not better than what MS have to offer right now, that’s a fact not a myth.

Happy for comments.

Graeme Thorne
Graeme.thorne@gmail.com

• Reply to comment
• Reply to story
• Report offensive content

Absolute rubbish Anonymous -- 31/10/05 (in reply to #120122409)

This is so close to MS created FUD I don't know where to start. Actually, I do... I'd like to invite all readers with a brain to fire up google and start searching for Linux and Virus and Windows and Exploit and IE and Security Hole etc.
To say that Linux is less secure than Windows is laughable, that alone shoots down any credibility you might have had. Unpatched Linux distros regularly run happily for months, sometimes years without the slightest problems, where an unpatched Windows box has a life-time measured in MINUTES once you hook it up to a broadband connection. There is plenty of anecdotal evidence of people who get their windows machines hopelessly compromised before they've even managed to download the updates for it! There has NEVER been ONE reported case of a linux box getting a virus in-the-wild...not ONE. Compare this to the TENS OF THOUSANDS of Windows specific viruses/trojans that infect MILLIONS of PC's daily.... Linux doesn't have the fancy AV engine because IT DOESN'T NEED ONE! In fact, the only virus scanning that my server farms require is AV on samba shares and on the email servers to protect WINDOWS PC's from the effects of viruses...NOT the linux boxes.
Windows has a flawed security model, windows requires constant attention to try to protect it from todays' latest virus/exploit, Windows and the stable of common MS products (IE and Outllok immediately spring to mind) are the most efficient virus propogation systems ever devised by mankind.
So Linux providers use third party resources?, so what?? I bet you're one of those misguided individuals that think "Linux" is what comes on the install cd's, just like Windows, right??
*bzzzzzt*..wrong!! It's just the kernel, every other package and application you get (even to the C compilers) is a third party product..that's right, the window managers (that's the 'desktop' to you) the calculator, the clock, everything!!!
Anyway, with the heavyweights like IBM, Novell, Sun(kinda), Redhat, CA and others all now busily porting and supporting it's clear that the MS domination is coming to an end.
Anyway, I forgot to ask, do you work for Microsoft in any capacity?, or one of their channel partners/resellers?
You have the air of "paid shill" about you.
Get with the program, get the penguin.

• Reply to comment
• Report offensive content

Slapper, bliss, lion just to name a few... Graeme Thorne -- 02/11/05 (in reply to #120122643)

Firstly I don't work for MS or any of its channel partners, but have worked in ICT security for well over a decade and half.

‘There has NEVER been ONE reported case of a Linux box getting a virus in-the-wild...not ONE’ Maybe you should do some serious research around Linux viruses. They have been in the wild for sometime, and there are plenty of documented cases of infestations – just google on it  however the major reason for there being very few written and subsequent infestations is the binary compatibility between distributions as well as the processor types. A problem that has been for the most part easily overcome by windows virus writers.

I’m not defending the lack of security in previous versions of Windows however I defy anyone to objectively argue that Windows XP SP2 along with Windows 2003 SP1 is less secure than Linux / Unix.

The reality is that in the hands of any competent administrator most modern operating systems can be secured to the required level. I will say that there are some very good security initiatives in the Linux space, specifically around the NSA developed and supplied SELinux incorporated into Redhat’s Fedora and Enterprise versions. Does limit the usability of the platform and before you jump in, I’ve had 6 years of operational experience in MLS systems using this compartmental technique – something that Windows is missing.

Explain to me how the windows security model is flawed – implementation and execution maybe but flawed I doubt. Again I’m not arguing that Windows is perfect just that the current versions are better than common Linux distro, but then again you sound like one gun admin who could secure a Linux environment from all the nasties.

‘I bet you're one of those misguided individuals that think "Linux" is what comes on the install cd's, just like Windows, right??’ Nope not really, but then again I know the value of commercial support in an enterprise environment and know that doesn’t happen (or shouldn’t) when you download the latest kernel and do a crystal box install.

Get with the program get the penguin? 

When you can prove to me that I can do the following things centrally with Linux then I might get with the programme – again I might already be 
• Configuration and change management,
• Authentication;
• User administration;
• Policy administration;
• Hardening.. do you want me to stop now?

Oh and bet that a green field MS Windows server and desktop deployment can be achieved in a shorter time and secured with fewer resources and deliver real business value in a shorter period of time – fact or myth? Maybe you’ll need 30 of your Linux mate admins writing perl / shell scripts to achieve similar things, maybe you’ll buy Novell Zen works, but then we’re going back to vendor delivered solutions and maybe its not Linux that’s the difference but the vendor who fronts the OS – another debate.

I invite you to write to me if you want to continue this conversation and be enlightened with the truth.

Graeme
Graeme.thorne@gmail.com

• Reply to comment
• Report offensive content

XP SP2 really secured me... Anonymous -- 03/11/05 (in reply to #120122724)

by breaking DNS! Don't have to worry about downloading a virus now. It didn't stay installed for long on my poor laptop.

On the topic of the windows security model, I pose a question about the home user/single user machine. SP2 installs with the main user having full administrator privileges, allowing any malicious program or piece of .net/java/whatever to exploit their system as administrator. There's talk of fixing this in the next version, but the users are used to being able to do whatever they want without having to enter their password or right click and then click "run as...".

As for your comments about Linux, I have to agree that it sounds like a bunch of FUD. All of the items you list I can do with a simple tool called webmin. Add users, control the domain, set up a firewall, filter spam, burn a cd, edit mysql and postgresql databases, configure apache, etc. It does too many things to list, and there are probably dozens of projects that do the same or similar things. Just because you haven't seen a particular tool doesn't mean it doesn't exist, and just because you love M$ doesn't mean the rest of us have to. Don't speak out of ignorance.

• Reply to comment
• Report offensive content

More research required Graeme Thorne -- 03/11/05 (in reply to #120122771)

Your argument is not well formed and lacks objectivity, something that I would expect from someone with little real world experience - maybe?

Can you recompile the kernel without the process having root privileges? SP2 requires the installation executable to be invoked by a process that runs with administrator privileges, yes you can use the runas command to limit your vulnerability, but you already knew that. As for the need to run as a administrative user, you are largely constrained by the application. Some applications just need it, and yes Vista will improve this dramatically by introducing a feature comparable to SUDO. But this is not a problem limited to Windows, Linux has the same issue.

Speak out of ignorance, you make me laugh. I've spent more years administering, designing and deploying solutions using *inx systems then Windows so I think I've got some experience. The simple fact of the matter is that the latest Windows systems allow you to do more, in less time and do it securely at a more affordable price - something that research analysts support. But you'll never believe that and that's OK, as we need to have choice.

Webmin - yeap you've used it from time to time, but not an enterprise tool. I bet a Windows administrator in an enterprise environment, that is active directory enabled, could deploy a change to their entire windows fleet in a fraction of the time that you could in your Linux world, without having to revert to some 3rd party pay for use tool like zenworks, radia, etc.

Have a nice day, and enjoy your hobby linux installations. If you are an admin, then I know why the cost of linux admin is high :P

• Reply to comment
• Report offensive content

Hobby? Anonymous -- 04/11/05 (in reply to #120122772)

Right. All the labs I keep at school are just for a hobby. And did I say ignorance? Perhaps I should have added arrogance.

• Reply to comment
• Report offensive content

You support my argument Graeme Thorne -- 04/11/05 (in reply to #120122806)

I might be arrogant but that's only because I know what I'm talking about! Come and play when you are all grown up, until then just sit down, listen and learn.

• Reply to comment
• Report offensive content

You are ignorant... Anonymous -- 13/11/05 (in reply to #120122829)

.....not knowledgable.

Don't give up your night time taxi job, you'll need it.

• Reply to comment
• Report offensive content

Took a while, I've been busy doing Real Work. Anonymous -- 13/11/05 (in reply to #120122724)

‘There has NEVER been ONE reported case of a Linux box getting a virus in-the-wild...not ONE’ Maybe you should do some serious research around Linux viruses. They have been in the wild for sometime, and there are plenty of documented cases of infestations – just google on it  however the major reason for there being very few written and subsequent infestations is the binary compatibility between distributions as well as the processor types. A problem that has been for the most part easily overcome by windows virus writers."

Absolute garbage....half of the laughably slim examples you put are Apache worms, not even viruses. Total rubbish about cpu type of binary compatability as well...try again...you obviously need education in hardware design and implementation, I suggest any accredited undergraduate University topic that covers signals and systems or digital circuit design.

"I’m not defending the lack of security in previous versions of Windows however I defy anyone to objectively argue that Windows XP SP2 along with Windows 2003 SP1 is less secure than Linux / Unix." --- Again, the proof of the pudding is in the eating...I defy anyone to objectively argue that the myriads of 0wn3d XP SP2/2003 boxes mean that Windows is 'more secure' (definition please) than Unix/Linux (oh, that happen to have been around for the last 30 years or so..where are the 65,000 Unix viruses then???).

"
Explain to me how the windows security model is flawed – implementation and execution maybe but flawed I doubt. Again I’m not arguing that Windows is perfect just that the current versions are better than common Linux distro, but then again you sound like one gun admin who could secure a Linux environment from all the nasties."

People don't understand the truth about Windows security. It can be traced to a single fateful decision.

In Win32, every module (EXE/DLL) is contiguous in the process virtual address space. The code and data are next to each other in each module, but not between modules. The stack and heap are allocated as blocks at essentially random addresses. The memory layout looks like this:

empty code data empty stack empty code data empty heap ...

The problem is that there is no single address that you could choose that says "only code is allowed below this address, and no code is allowed above this address".

On the x86, before AMD64, it was impossible to tell the processor that certain memory addresses cannot be executed. Anything that was readable was also executable. This means it is possible to execute from the data areas, a fatal flaw.

However, the x86 *does* have a feature that allows you to say "no code is allowed above this address". This is known as the "CS limit". By setting this, any attempt to execute from a data area would crash the program. Crashing the program is a lot better than taking over your computer.

Win32's memory layout prevents this feature from being used, because if you try to set a limit, either you have data in the code area, allowing exploits, or you have code in the data area, preventing legitimate code from executing.

AMD tried to correct this with the NX bit in the AMD64 chips, but it was too late. Too many Win32 programs rely on the ability to execute from a data section. As a result, in XP SP2 and Vista, the feature is only enabled by default in a few programs. You can turn it on for all, but then a lot of copy-protected games won't run.

Linux usually has the same problem. However, because most Linux programs come with source, it is possible to modify every application in the system to work this way.

I bet they didn't tell you that on your 5 day MCSE bootcamp now, did they?

"When you can prove to me that I can do the following things centrally with Linux then I might get with the programme – again I might already be 
• Configuration and change management,
• Authentication;
• User administration;
• Policy administration;
• Hardening.. do y

• Reply to comment
• Report offensive content

wow...you're on the money! Anonymous -- 14/11/05 (in reply to #120123183)

That showed him!

Wow, you know a lot.

Thanks for the great information, I think I see another MCSE slinking away with his tail between his legs now.

Thanks !

• Reply to comment
• Report offensive content

xp cost $$$ linux free you tell me nonya biz -- 19/11/05 (in reply to #120122643)

word , thank you man , the only thing good about MS is.... hmm can'y think of any right now, hmm XP cost what 300$ and Linux hmm free as like in free beer

• Reply to comment
• Report offensive content

I disagree Anonymous -- 31/10/05 (in reply to #120122409)

Gartner said that Microsoft Windows places an inordinate amount of strain on the average Enterprises security processes and most places would be better off without it.
The popularity of windows with virus writers is not a measure of how widely adopted it is, rather, a measure of how flawed it is in construction and how trivial it is to break it.
Linux is far superior on all counts.

Unix has been around for 30years and still has very few viruses, Windows has been around for 10 years and has 60,000.
This is because Windows is a poor product, simple. I can cite numerous studies and white papers that will say just that. Having one person say that windows is popular because of its market share means nothing when the consensus of opinion is that it's because it's not very well built.

• Reply to comment
• Report offensive content

Where have I heard about 'protection' money before ? Anonymous -- 28/10/05

Once you buy a Microsoft product that says it's this and and it's that a MS users' tasks don't end at clicking the 'finish' button after installation, there are seemingly endless updates and patches that need tacking on. And now they want me to pay more ? Or to put it another way I pay them more for me NOT to use another browser or eMail client - not likely !

• Reply to comment
• Reply to story
• Report offensive content

Dell, HP, etc. should pay for it cyber_rigger -- 02/11/05

If you buy a computer
that is preinstalled with a faulty OS
you should make your computer supplier fix it
or give you your money back.

• Reply to comment
• Reply to story
• Report offensive content

Once bitten, twice shy? Anonymous -- 02/11/05

If Microsoft couldn't craft a secure application n the first place, is there anyone who seriously believes they can either fix it or protect it for more money?

I believe they are predominantly focussed on making money - this is far more to do with maintaining an obscene bottom line at the expense of the end user and the end user's end user than it is about improving the security of their apps.

Basically, for me, if they could get it right second time around they would have got it right in the first place.

But then where would the repeat business come from?

• Reply to comment
• Reply to story
• Report offensive content

Matter of trust... or risk management? David Sayers - em3.com.au -- 02/11/05

Yes, Microsoft products have holes... lots of them! The software Microsoft makes enables businesses to deliver services to their customers.

You would be surprised how many corporate organisations are utilising MS software to deliver on-line services, including transaction and financial processing.

There are two points here:
1. Microsoft makes software and pitches it to architects and CIOs that make presentations to business stakeholders about functionality and services they can deliver today... (oooh, that sounds good, we've got to have that);

2. Most corporates we work with are already down the path of MS deployments (not just the corporate desktop and email) and are reliant on the software... so they need to patch and manage vulnerabilities ongoing - even if it costs them money.

Most organisations just accept it and build it into the bottom line (ie: CAPEX / OPEX) each year in their IT spend.

I'm not saying this is right, nor am I a big Microsoft fan.. far from it, however if we were all running Solaris, Linux, Mac or BeOS there would be a bigger presence of hackers and vulnerabilities in that space due to the mainstream attention.

Cast your mind back a few years when MS was absolutely terrible at managing vulnerabilities (remember Mr Gates making an announcement stopping software releases until security issues were addressed?).

At least it's on the improve.
Yes, we can do better.
No organisations should not have to pay for bugs and vulnerabilities in software that should work from day one.
Yes, corporates will pay for remediation of systems that are exposed as this is a business risk.

There is no simple answer here.

• Reply to comment
• Reply to story
• Report offensive content

We already do Anonymous -- 04/11/05

In my opinon the 299.99 we pay for the software should be payment for them to protect windows.

• Reply to comment
• Reply to story
• Report offensive content

Pay to have a bandaid over design flaws and bugs? Anonymous -- 04/11/05

How about they first Fix MS Windows and
do a proper design (as documented in the 1980's)
to NEVER directly download via email, to always have a user need special permission to damage a machine.

Also there is better Free, OpenSource software available. Why pay for software from a company that still cannot fix the bugs in their software.

When you hear there is a 'computer virus' know that it actually means.. There is another Bug in Microsoft that some one is hitting and it is normally ONLY on Microsoft.

Others have bugs, but typically they are minor problems or misconfigurations.

• Reply to comment
• Reply to story
• Report offensive content

• Just In

• Most Popular

• Most Discussed

Reader Services

Popular Topics

Essentials