Trusting Microsoft

The trouble is that Microsoft is starting from such a position of poverty that it will be hard to make any forward progress. This month saw the beginnings of what Redmond calls its "Trustworthy Computing" initiative. The jury is still out.

Trusting Microsoft is one of those automatic oxymorons, like "military intelligence" or "hard water." The company has so blown its wad of trust with its customers that it is hard to even know where to begin to list all of the misfires, mistakes and missteps taken over even the recent past. But let us list a few noteworthy examples:

Outlook has become such a useful culture for growing and distributing viruses around the enterprise that virus authors now write exclusively for its loopholes, back doors and security weaknesses. With Internet Explorer, there are those pesky dialog boxes that pop up when someone wants to run an ActiveX control inside your browser. These usually say something along the lines of "do you want to always trust content from Microsoft Corporation" from here on out? Does anyone in their right mind ever check that box if they value their computer's integrity and safety?

What about that whole brouhaha around Passport providing Microsoft with all of one's financial and bank records that they can "safely" store on their computer. Or the default Normal.DOT Word macros that can contain all sorts of mischief to launch further annoyances everywhere. Or the older versions of IE with their special setting that is charitably described as "come on in, the computer is just wide open and waiting for you, Mr. Hacker, to take advantage of me". Or Hotmail, which continues to make things easier for hackers to take advantage of various exploits, no matter how hard Microsoft manages to plug its leaks.

It is high time that Microsoft realized the amount of wasted energy, time and corporate computing dollars that have been invested trying clean up after these and other mistakes. The problem is that we should be able to trust Microsoft, or for that matter our own internal IT departments.

Paul Hoffman, chairman of the VPN Consortium and long-time industry watcher, says: "There shouldn't be any issue of trust--whether or not you want to trust your IS department, you still operate on some level of trust with them."

Yet most end users don't--whether it is because they operate in a world of little trust or because they just assume their PCs are intensely personal and not sharable in the overall corporate environment. And perhaps this is the core of what trust is all about. If someone sends a virus to you via e-mail, or more likely, someone's computer runs a hidden attachment that launches a virus attack, then why should anyone operate differently and expose themselves to the big bad world? Best to just hunker down and lay in for a long siege.

Microsoft certainly has their work cut out for them. It is definitely an uphill battle to regain any trust from their customers, let alone the lay public. And given the security cesspool that is called Windows and MS Office, it will take a lot more than just announcing programs to fix things for our favorite software monopolist. While we are glad to see the Trustworthy Computing initiative take shape, we hope it provides more than just empty promises and brings about some major sea changes in how Office and its ilk are secured from intruders.