Why Can't Microsoft Just Patch Everything?

paneraboy writes "If smaller software companies can patch all of their bugs serious or minor, ZDNet's George Ou asks, why can't Microsoft -- with its massive army of programmers and massive budget -- patch all of its vulnerabilities? Had Microsoft fixed a low risk browser vulnerability six months ago, perhaps we could have avoided last week's zero-day exploit. Currently, more than two dozen Windows XP issues remain unpatched. Ou thinks Microsoft ought to fix them all." From the article: "Almost 4 years after the launch of Trustworthy Computing, I found myself wondering why am I staying up till 4:00 AM to deliver an emergency set of instructions (Home and Enterprise) to my readers because Microsoft felt it unnecessary to patch a flaw six months ago that was originally low risk but mutated in to something extremely dangerous."

caring ?

[morbidi]

they do care about us

Economics!

[jgardn]

The simple answer is Microsoft has no incentive to provide software that works. They only want to provide software that will get people to dump bucketloads of cash on the Microsoft campus. Until people value software that works (which we know from experience they don't -- except rare customers) this won't change.

The Free Software community identified this problem a long time ago. They also saw another problem. As the number of users of software increases, the number of feature requests increase as well. How do you satisfy all of these customers simultaneously? Eventually, the proprietary software model is unable to address the needs of their customer base as it grows. (Witness that there is no Icelandic Windows available anywhere.) The Free Software solution is to let the users fix it. So, if there is a problem with the software that any one person is willing to spend the time and money on to fix, then it will get fixed for everyone. Since security holes bother at least a few of the users of Free Software, and these users are also ones willing to put in the time and cash to get it fixed, it gets fixed.

Simple capitalism is the reason why Free Software is doing so much better than proprietary software. As a piece of Free Software becomes popular, it increases in security, features, and usability at a faster rate than proprietary because of the economic incentives.

and in 2005

then it's obvious that software as it stands today in year 2005 is not worthy of patents or being called a product or being offered "for sale" or pay for use. Accept software is just a hobby and for a few decades people made some fabulous money with it, but today it can be stated it will never be good enough to qualify as a real honest product. Then, get a real full time job doing something else constructive and go back to coding in the evenings for funzies.

If you can't offer any warranty because the "product" is never good enough from bugs, then the "industry" needs to fail as a business and live on as a hobby, like stacking up legos or something.

I feel the same way about music, visual arts and etc. It's well past the point it is all that worthy of much cash. At most I'll pay for media costs and some bandwith fees, but no more cash than what that represents for any bits or bytes I receive, it's just not worth it anymore. I used to pay a lot for software, even honored all my shareware commits (I am one of those truly rare people in that regard), but *no freaking longer*. I quit, that industry gets no more cash from me-ever. I accept that all software from anyplace is perpetual buggy beta, it is never final nor fixed, all new releases break old stuff that was working fine, and they constantly introduce new bugs. And no vendors give any sort of legitimate warranty, so I treat it like what it is, someones elaborate hobby. I can get a warranty for any gadget I buy, but not for the buggy bits and bytes that run it...hmmm. Now, I guess I am a babe in the woods compared to some here, only being using computers since the 80's, but I've dropped some cash...and it's still bugware! And from what I have read, it was always bugware! This is bona fide historical precedent, gussy it up, dress it up all you want, the industry is still in diapers, now with shiny pins, but still diapers, because it REFUSES to grow up! They claim they can never produce non buggy ware, the evidence is clearly in favor of that statement, so I believe them, so I think it's ludicrous to pay for it beyond some handling fees for transfer.

    Software-although complex and distributed by large companies-is not a "professionally constructed product". They promised it would be by now, decades ago they complained it was a new industry, they needed "time" to get out of training wheels. OK, it's a half century and change later since coding really started in serious earnest all over the planet, and it's no less buggy than it ever was, TIMES UP!

    The software industry has proven it is incapable of being neither competent nor self regulating. Just like the music and movie industry, just way too expensive for what you get and completely filled with used snakeoil salesmen. It is no longer worth it. You can see it in meatspace, people have really stopped being excited about paid for new releases of anything unless it's videogames. This should be a major clue to "the industry". Businesses that rely on software have started to NOT upgrade as fast as they used to, because it's the same buggy crap when they do upgrade. Fool them once, you can get away with it, fool them a dozen times even the stupidest boss starts to smell a rat. Elaborate sand castles, nothing more...

    That people continue to be faked out and pay huge sums for it is mind boggling, especially the suckers who continue to pay for like MS "products" and from other large software vendors who charge huge sums for bugware with no warranty. This is changing all over the planet now, the price people are going to be willing to spend on software falls between "not very much" and "none". People need to take that to heart if they are planning on depending on that for an income.