Security as a Profit Center?

Harry Erwin writes "This article seems to suggest Microsoft is now considering charging for security. I don't mind vendors like Counterpane Internet Security selling security services, but I would prefer operating system vendors to treat security as part of the core functionality of their products, if only because effective security has to be designed into the operating system from the start. This proposal would create a two-tier Internet and probably make things worse rather than better. Security is like public health and education--if you think it's expensive, consider the alternative."

Yea, right.....

[FreeLinux]

So, based on your previous security record, Mr. Gates, I gleefully award you this multi-million dollar contract for security services. I already feel safer from all those evil hacker dudez.

Honestly, what schmuck would pay Microsoft for security??

Well...

[Xenographic]

Don't they already charge us (albeit in a different manner) when they give us new EULA terms for security updates?

This is not unlike the anti-virus companies who charge us for new virus definitions. Except that here, the mistakes they made shouldn't have been in there to begin with.

Unless they give us *some* kind of extra service beyond the patches, I can only see this developing into a *very* strong reason to use OSS instead of MS whenever security is important to what you're doing (essentially, always).

good

[gornar]

I enjoy hearing of the ways that Microsoft proposes to screw their clientele. I'm a Windows user, and will be until another OS, whether it be Mac or Linux etc., starts getting all the first-tier games before Windows. I don't do anything else with my PC, so why switch?
If Microsoft can manage to alienate the game playing crowd enough, more and more developers will transition to Linux development, and I can switch too. They are, quite charitably, squashing the chicken/egg problem in PC gaming.

Buffer Overflow

[sdjunky]

"Windows runs an arbitrary set of applications, in an arbitrary configuration, with arbitrary devices, said Mundie. 'The operating system is designed to run on machines that are not designed yet.' While Microsoft could demand that it creates the drivers for all hardware, the industry would not accept that. 'Each time we accede to the reality of the industry, we accede to the problem,' he said."

Yep. All those string buffer overflows are obviously caused by the ram. And those virii that use Outlook automation obviously use the fact that Windows has to account for various pieces of hardware too.

Re:Maybe they should be held liable?

[jedidiah]

Perhaps we really should views Mundie's excuses as the perfect argument why Microsoft software is simply inappropriate in some places. Mundie's comments are simply crass and insulting. Why should Microsoft be guaranteed profitability in a certain market niche? Why should we just forgo products liability just because it might not make a particular company competitive anymore.

Liability concerns have forced far more worthy companies out of this particular market (aircraft subcontractors). Why should Microsoft expect special treatment?

Lots of OSs were B-rated by NCSC

[billstewart]

• AT&T System V/MLS was B1-rated
  
• Sun did several secure Unix variants, including Compartmented Mode Workstation, which met requirements from a slightly different set of DoD bureaucrats, and was roughly B 1.5.
  
• There were probably some others.
  
• Boeing and some Honeywell stuff had A-rated special-purpose network gateway machines