[Am-info] ZDNet UK: Microsoft: Users may have to pay for security

[John J. Urbaniak]

Roy Bixler wrote:

> This story is from the RSA security conference in Paris which I found
> interesting for a couple of reasons.  One was this section describing
> an exchange with Microsoft CTO Craig Mundie:
>
>     Asked why it has taken Microsoft 25 years to get trustworthy
>     computing into the forefront of its efforts, he said: "Because
>     customers wouldn't pay for it until recently." Admitting this was
>     a flippant answer to a flippant question, Mundie said that chief
>     information officers had only recently begun to demand security,
>     and it is only in the last ten years that Microsoft has attempted
>     to play in the security-requiring worlds of banking payroll and
>     networked systems.
>
> It's stunning that he thinks that there was no significant demand
> for security until recently.  In what cave has he been living?
>
> It was also nice to get confirmation that, contrary to insinuations
> made when spreading FUD about open source software, Microsoft will not
> take legal liability for security flaws in its software.
>

Well, perhaps someone should give them that legal liability.

If Ford has a defect in its cars, it has to fix the problem via a recall.

If Campbell's Soup mislabels some of its cans, it has to recall all of the
product.

Microsoft software is buggy and insecure.

Just today, one of my customers got stung with the "Bugbear" virus.  They
had to shut down their whole network and run around to every machine and
cleanse it.

Every machine, that is, except those machines which run *my* software.
They are based on eComStation, which, of course, is immune to "Bugbear"
and all other Microsoft viruses.

Someday, these companies will wake up and realize that Microsoft is
responsible for all that lost time and hassle cleaning up their trash.
Someday, these companies will sue Microsoft.

John