A notable anniversary in the annals of personal computing is arriving this Sunday. Ten years ago, on Jan. 15, 2002, Microsoft's then-chair Bill Gates penned the famous Trustworthy Computing Memo.
That was the day Microsoft finally woke up, smelled the hackers, and began getting serious about security. Gates wrote:
In the past, we've made our software and services more compelling for users by adding new features and functionality, and by making our platform richly extensible. We've done a terrific job at that, but all those great features won't matter unless customers trust our software. So now, when we face a choice between adding features and resolving security issues, we need to choose security. Our products should emphasize security right out of the box, and we must constantly refine and improve that security as threats evolve. ...If we discover a risk that a feature could compromise someone's privacy, that problem gets solved first.
[ Also on InfoWorld: Redmond may be drawing to the close of a different chapter in "Microsoft + CES: End of an era." | For a humorous take on the tech industry's shenanigans, subscribe to Robert X. Cringely's Notes from the Underground newsletter. | Get the latest insight on the tech news that matters from InfoWorld's Tech Watch blog. ]
Of course it's one thing to write a memo, another thing to make it real. The notoriously insecure Internet Explorer didn't stop being a hacker's plaything until the release of IE8 in 2009. During that time frame, Microsoft went from owning 90-plus percent of the browser market to less than 50 percent today. A lot of that had to do with IE's notorious vulnerabilities and poor performance.
Vista's User Access Controls, an ill-conceived effort to keep users from harming themselves, made computing more annoying, not more trustworthy. (It was also brilliantly parodied by Apple in its "I'm a Mac" commercials.)
But by and large, Microsoft products have steadily grown more secure over the years. Christopher Budd, a crisis communications consultant who was working in Microsoft's Security Response Center at the time the memo was issued, says Gates's notice helped bring us all a little closer to the goal of secure computing: