Brian Sullivan's Random Musings Anything and everything that interests me might show up here. My interests include Jazz, (Auto)Road Racing, NetMeeting, E-Learning, Zope/Plone, Creative Problem Solving and lots of other stuff.
Home Stories Brian Sullivan's Flickr Space Meeting by Wire Courses by Wire ELearning Development Weblog Scobleizer Scripting News Zope Plone		Microsoft Security Ideas Robert Scoble and I have recently sparred in another venue over what I consider a failing on Microsoft's part in the "computer security for Microsoft users" area. I was perturbed(and still am) that the solutions coming out of Microsoft seem to always involve more and "improved" technology(often ending in the refrain "wait until Longhorn"). I see the problems as more business problems than technology problems. He challenged me to come up with some (non development) ideas for Microsoft to implement that would improve security for users of Microsoft products. First to state what I see as the problem (or at least the issue where the greatest leverage lies): "Users of Microsoft operating systems attached to broadband networks are in large numbers having their systems covertly being taken over and being used in various denial of service attacks and other criminal activities (in addition to compromising their personal identity information)." Obviously, Microsoft and other software developers have to continue to improve development methods and produce products that are technologically more secure. Obviously, as well, law enforcement has to continue to pursue those involved in computer related criminal activities like creating and distributing viruses and trojans and using unsuspecting user's computers as attack vehicles. In the spirit of diverging/brainstorming I have come up with a few ideas outside of those activities that Microsoft could consider: pay a bounty to anybody that demonstrates a security fault in a Microsoft product(it seems hackers often discover problems before "security researchers" or Microsoft, use them, keep them secret -- a bounty might bring more problems to light earlier) require all OEMs to provide systems with all recent patches (I was appalled to find that my partner with a newly installed XP system had none of the recent security patches -- not only that but he wasn't made aware) develop incentives (free Microsoft games ?) for people to patch their systems encourage tv broadcasters, newspapers to publish information on new problems and patches (or pay for advertising) work with broadband isps to spot "problem" subscribers ( those already infected with worms) and target them with information and or incentives to clean up the problems offer permanent 24/7 "security hotline" phone support for people wanting information about viruses, worms, and security issues with Microsoft product assume some liability for security problems in products if products have all recent security updates and publicize this fact ship security updates on CD to isps for free distribution (dial up users often just cannot afford to downloaded multi megabyte updates) make update CDs available free in Audio CD retailers, video rental locations, 7/11's, coffee shops sponsor workshops on personal computer security I think some in Microsoft understand the issues. I am encouraged by Steve Ballmer's recent comments apparently recognizing this problem as "This is a defining moment in our evolution as a company." I am also encouraged by the recent prominent push on Microsoft's sites of the 1 2 3 Protect your PC Campaign. More of that kind of thinking, more often and with more commitment is what is required. If you have other interesting "non-technology" solution ideas that should be on the list use the comment link below. Comments: () © Copyright 2008 Brian Sullivan. Last update: 29/06/2008; 11:43:34 PM.