Bruce Schneier Says Microsoft Is Proving Security is NOT Their #1 Priority.
When Bruce speaks, most people listen. Yesterday he got on his pulpet and discussed his views on Microsoft's stance on security.
The gist of it? Microsoft is showing that security is NOT their #1 priority in the wake of the release of XPSP2. Why? Because more than anything else Microsoft has said or done in the past few years, NOT releasing XPSP2 to pirated versions of Windows XP proves to him that security is not the company's first priority. Here was a chance for Microsoft to do the right thing: to put security ahead of profits. Here was a chance to look good in the press and improve security for all its users worldwide. Microsoft says that improving security is the most important thing, but its actions prove otherwise.
I can't say that I disagree with him. In this era of computing not only do you have to ensure your networks are secure, you have to rely on other people to secure theirs. If you don't patch pirated versions of Windows XP, these machines will continue to be carriers of malicious code as vulnerabilities will stay open, as will bad security processes such as running without a firewall, anti-virus etc etc.
Of course, if the digital underground's response is anything like XPSP1, pirates will have a work around within days…. but thats not the point. Its hard to weight this off when Microsoft has every right to protect its profits. Or does it? Some say Microsoft has a higher responsibility in ensuring our desktops are safer because of the very dominance they enjoy. Quite frankly, most pirates aren't going to buy XP if they haven't already. And these people are typically the same people ripping warez off of P2P which is infected with hostile code just waiting to spread.
I think Bruce could sum up this post way better than I could… “SP2 is an important security upgrade to Windows XP, and I hope it is widely installed among licensed XP users. I also hope it is quickly pirated, so unlicensed XP users also can install it. For me to remain secure on the Internet, I need everyone to become more secure. And the more people who install SP2, the more we all benefit”. [Dana Epp's ramblings at the Sanctuary]