Friday, October 22, 2004

Microsoft's Security Problem

Microsoft's Security Problem

Here is a great article explaining the philosophy behind Microsoft versus Open Source philosophies. Microsoft is all about making money with software, which is fine but it doesn't produce great software. I believe Microsoft's greatest asset is finding the balance between having features that users want and having bugs in the software. Users are able to tolerate X number of program failures. Microsoft can always fix software bugs in the next update.

For the most part, people don't understand how software is supposed to work. When they click on a button and it doesn't do anything, they click on the button a second time. They expect a different result from the same input. It is very hard to teach a person how to get around specific software bugs by showing them a different way to do the same result.

Best quote:
a security flaw is just an exploitable bug...Security is not a feature you add to a product. It's not even a process, or a an attitude, or whatever else you thought I was going to say. No, security is an emotion. Computers don't have emotions, people do. Security, to a programmer writing code, is having confidence that his code is correct. To be correct, it must be shown to everyone, including to the bad guys.


The trick to creating software is that it is full of mistakes. It is the mistakes and resolution to those mistakes that drove me to find a different option in Open Source.