Ryan's Journal

Considering all the recent negative press surrounding Microsoft after the advent of the Blaster worm and SoBig virus, the New York Times decided to interview Bill Gates and see what kind of defense he could mount for his company. Read the interview first, then find out where he was lying.

We want the update process to work so automatically that in the future these problems won't happen. The hackers are attacking not only our systems but other systems, and with the right kind of infrastructure and the right kind of work we can make sure they don't disrupt things.

Gates thinks being able to update your computer whenever they want to is a good solution to the problem. What if somebody uses that mechanism to spread a virus? What if the patches need to be applied in sequential order, as they do now, and somebody misses one? If the patch disrupts certain software? Can people with their own external security like firewalls decline these patches, knowing what kind of other problems they normally cause? What if someone doesn't trust Microsoft to use that kind of power justly?

Microsoft's reputation for doing great software research is very strong, and people are looking to us now and saying, "no other software company has solved this; you, Microsoft, need to solve it." We're rising to that challenge. The expectation they have of us is very high.

Microsoft has a reputation for buying great software research, not much for developing it on its own.

No other software company has needed to solve the security problems Microsoft faces because no other company has such major security problems.

The challenge is that we've got to get the fixes to be automatically applied without our customers having to make a special effort.

Your customers never should have had to make any special effort because your product did what it was supposed to, not because you failed. But you did fail. And you have failed. Repeatedly.

It's within our ability to make the systems invulnerable because the speed of update is as great or greater than the speed that somebody comes up with an exploit.

If it was within your ability to make systems invulnerable before, why were they not? Why are they still vulnerable when you sell them to the world?

These patches will be signed by us, and things that are put into the critical security path that we have to pass through we have to be very careful that there is no regression in those things. It's a channel that has to be used not for features, but just for very critical things. We have some other ideas such as something called behavior blocking that will obviate the need in many cases to use patches.

Your past record does not speak well of something signed by Microsoft actually functioning. You were 'very careful' in the past, and you failed (see Windows NT Service Pack 6a, replacing the very broken Windows NT SP6).

Q. Are you concerned about the possibility of product liability suits?

A. Well, we're doing our best to improve Windows and make it so our customers don't run into these problems. I think this is a critical issue for our customers, and solving this will be fulfilling the commitment we made on trustworthy computing. We're doing our very best, and that's all we can do.

You should be afraid. Your products stink. Their general weaknesses have added up to billions of dollars in productivity losses around the world.

How I wish a viable alternative to Windows existed.