Does Microsoft care about their customers’ security?

A few days before the launching of Microsoft’s last operating system, FSFE wondered about users’ security since an important vulnerability has been silently ignored. I then asked myself the question, in what way Free Software is different regarding security?

It appears that our allegations were true and should have been taken seriously. As an article in Computerworld reports, Microsoft finally issued a security advisory about that high-risk vulnerability three days ago. The problem is still not fixed though.

What’s important there is that this vulnerability already triggered a warning (en) by the BSI agency more than a month ago! Despite the consequences, Microsoft meanwhile decided not to tell its customers in order to avoid bad publicity around the launching of Windows7.

Such despise towards their customers’ security has led me to ask: Does Microsoft care about their customers’ security less than they care about their good image? This experience proves the answer is yes. Microsoft has made the choice to keep their customers in ignorance and in the same time has put their systems at risk. This is yet another perfect illustration that proprietary software hijacks users: Microsoft is ready to sacrifice your security for their commercial purposes.

6 thoughts on “Does Microsoft care about their customers’ security?

  1. Pingback: Hugo Roy (hugoroy) 's status on Monday, 16-Nov-09 14:57:33 UTC - Identi.ca

  2. Why should they care? If they are in the game merely for money (and they are) then it would be accurate that they are not specifically interested in computers anyway – only as long as it seems like a business opportunity.

  3. Yes of course. But how is it possible that the major company in desktop operating systems can make such a choice?

    My point is that proprietary software business models can also hijacks users’ security for commercial purposes.

    In Free Software markets, this would never be a business opportunity to sacrifice users’ security.

  4. They do not want to make security errors, but when they do, they cannot be open about it. Because it won’t sell. Their decisions feed one only goal – we have to sell as much as possible and continue to dominate the market.

  5. I think this is more complicated than that.

    Microsoft has to consider two options regarding the way they behave towards their customers on the subject of security:
    - either they choose to go public about those kinds of known security issues and warn their customers very fast (where is the problem anyway? Software always has security problems!)
    - either they think that saying anything to their customers is more harmful than not telling the truth because they have to make themselves a better image since the mitigated success of vista in the general opinion.

    Microsoft has made the second choice. Because their business model is based on closed binaries and they want to maintain an illusion of security (security by obscurity as we call it).

    But Microsoft could have made the first choice. Telling their customers about security issues is a smart decision, because anyway software comes with security problems.

    Telling the truth about security does not lead necessarily to less selling. On the contrary, I think people would rely more on a company that is taking their security more seriously.

    That’s just not Microsoft strategic decision. They think that their business will be better if they care more about good publicity than they care about security.

    So regarding this conclusion, one should ask: how can a software business model can lead to such a despise of security?

    And my answer would be: the Free Software business model does not allow such a thing, because it would be a strategic failure and a business suicide to hijacks users’ security (or freedom).

  6. Pingback: Roy Schestowitz (schestowitz) 's status on Wednesday, 18-Nov-09 02:17:49 UTC - Identi.ca