I’m going to take advantage of Garry Robinson’s article on Windows security in this month’s issue to vent a little. I realize that I’m an apologist for Microsoft. I like the company and I like working with its products. I make my living consulting with companies that use Microsoft tools to build applications. I’ve met many people who work for Microsoft and, without exception, they’ve all been open, honest people, keenly interested in helping developers and consumers. And, I suppose that when you invest as much time as I do in keeping up with Microsoft’s latest technologies, the Stockholm syndrome kicks in: The prisoner starts to identify with the captor’s goals and ideals.
Even so, the latest Microsoft-bashing around the proliferation of viruses and worms seems misplaced to me. Yes, Windows and other Microsoft products have vulnerabilities that despicable vandals enjoy exploiting to hurt other people. Yes, installing new patches and fixes is a pain and an expense. Yes, it would be good if these vulnerabilities didn’t exist and it’s too bad that they do. I can even understand people who, because of the costs imposed by these viruses and worms, consider switching to another operating system that, presumably, won’t incur these costs.
What I don’t understand are the people who blame Microsoft for our current state of affairs. Microsoft hasn’t created one of those viruses or worms. So why do people attack Microsoft over the actions of the vandals who have created them? One reason, I suspect, is that we can find Microsoft, while we can’t find the vandals defacing our computers, though that’s not the justification normally given.
The justification that’s normally given for blaming Microsoft is that they should have built Windows so that it couldn’t be exploited by these malicious thugs. I guess Microsoft could have. However, when Microsoft started building Windows (including Windows NT, which forms the code base for most current versions of Windows), securing computers from viruses and worms simply wasn’t a concern. At the time, the Internet wasn’t the network that connected everyone. At that time, preventing vicious little human vermin from damaging your computer consisted of making sure that they couldn’t log on and install software.
Looking at our current state of affairs, what can we determine that Microsoft developers assumed? They assumed a world where people wanted their computers to do more and more things for them so that users would be free to achieve higher goals. They concentrated on delivering more and more functionality to Windows users. I don’t want to suggest that Microsoft was a saint about this: They also made very sure that they made money (lots of money) doing this.
Apparently, what the developers at Microsoft didn’t assume was that the world would be populated by people who derived satisfaction from despoiling the work of strangers. This may have been naïve on the part of the Microsoft developers but, I have to admit, it’s a naïveté that I shared. Naïve or not, it’s hardly a reason to blame Microsoft for the damage done by people motivated, it appears, entirely by malice—people who contribute nothing of value to anyone while working very hard to hurt as many people as possible.
The developers at Microsoft gave me the ability to add macros to Excel to create business solutions that my clients value. The developers at Microsoft gave me the ability to use e-mail to distribute those solutions. The hoodlums who create viruses and worms gave me the dialog that pops up every time one of my clients opens a spreadsheet, asking if macros should be disabled.
My personal opinion is that the code base that makes up Windows can’t ever be made completely secure, though Microsoft will continue to make it increasingly secure. However, I also suspect that a completely secure operating system is only possible if you unplug your computer from all networks and seal up all your input ports (including the keyboard). We’ll see increasingly more secure operating systems in our future and, like the security lineups at airports, we’ll also see increasing restrictions on the free flow of data. Let’s just blame the right people.
On a different note: If you can find it, the October issue of Access-VB-SQL Advisor magazine has a great editorial by Ken Getz on his vision of a future version of Access. You may not agree, but when someone like Ken Getz has an opinion, it’s worth thinking about. I also found out that Ken is younger than I am—which was just depressing.