Kandek's idea was one sure to upset Microsoft's stockholders. "It would be a radical move, but Microsoft could cut the price of a Windows 7 upgrade to $29, the same price that Apple charges for Snow Leopard," he said. By slashing the price of Windows 7, Microsoft would convince more users, especially those in developing countries where malware is a major problem in part because it's seeded on the pirated copies of Windows people purchase, to upgrade from less secure versions of Windows and keep their PCs patched.
"Giving us an incentive to move to Windows 7 would be a great thing," Kandek said. "It could help a lot."
ESET's Abrams, however, took offense that Charney would suggest a tax when there was so much Microsoft itself could do to make the Internet a safer place. (Abrams wasn't alone...numerous readers of the IDG News Service story that covered Charney's keynote at the RSA Conference this week said much the same thing, although often in more colorful language.)
"Microsoft has allowed a powerful malware-enabling technology to exist that most of the major threats have incorporated," Abrams said, referring to AutoRun, the Microsoft technology that starts some programs automatically when a CD, DVD or other media is inserted. The notorious Conficker worm spread by exploiting AutoRun on flash drives. According to ESET, which is best known for its NOD32 line of antivirus software, almost 30 percent of in-the-wild malware uses AutoRun as an infection vector.
Although Microsoft made moves last year to restrict AutoRun, first in Windows 7, then in Vista and XP, Abrams argued that because Microsoft didn't mandate the updates for the latter two operating systems, it doesn't have the right to ask for a tax to pay for clean-up. "They shouldn't point to the user when they have four fingers pointing back to themselves," said Abrams.
He was even more blunt in an entry on the ESET company blog later Thursday. "I appreciate the remarkable and laudable security progress Microsoft has made, but before you, Mr. Charney, ask users to swallow a tax or fee for bot clean up, bite the bullet and clean up the AutoRun infection vector," Abrams wrote.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed. His e-mail address is firstname.lastname@example.org.
Read more about security in Computerworld's Security Knowledge Center.