2005-01-06

Microsoft's role in the battle against spyware

Today, Microsoft announced that it is releasing its own anti-spyware application. This is the first step in its endeavour into the world of anti-virus software, which it seems to be gearing up as part of its revenue stream. On the surface, it appears that Microsoft may finally be giving its users an overdue helping hand, but the move marks the beginning of something that may be a security setback in the years to come.

In providing these tools - pro bono or for a fee - Microsoft is coming dangerously close to pushing band-aid solutions as an acceptable security recourse. First, the time and effort they're putting into a whole new product line would much better serve customers if it were spent performing more code reviews to proactively correct more security flaws. Second, if the rumors pan out and Microsoft does in fact start charging for the anti-virus software they develop, they will be profiting from a problem they created themselves. This is something that they may actually be able to sell to the consumer market, but the corporate world will most likely be wise to such shenanigans. What concerns me is that the naïveté of the consumer market leaves them vulnerable to such a ploy, and it's been apparent that the Department of Justice isn't too concerned with protecting them either.

Microsoft could provide these tools free of charge, as they currently do with their firewall. This would be the best, and most ethical, approach in my opinion. But again there is a danger: given Microsoft's track record, it's likely that the software will be bundled with the operating system. With a built-in safety net, the motivation for Microsoft to produce higher-quality code is lessened, and the security of personal computers is once again entirely in the hands of a single vendor who has given the topic far too little consideration in the past.

In my opinion, this direction would largely serve to perpetuate the problems we currently see with Microsoft products, while giving users a false sense of security. But with Redmond, I tend to be a skeptic, so let's just hope it doesn't play out that way.
