Does Microsoft care about their customers’ security?

A few days before the launching of Microsoft’s last operating system, FSFE wondered about users’ security since an important vulnerability has been silently ignored. I then asked myself the question, in what way Free Software is different regarding security?

It appears that our allegations were true and should have been taken seriously. As an article in Computerworld reports, Microsoft finally issued a security advisory about that high-risk vulnerability three days ago. The problem is still not fixed though.

What’s important there is that this vulnerability already triggered a warning (en) by the BSI agency more than a month ago! Despite the consequences, Microsoft meanwhile decided not to tell its customers in order to avoid bad publicity around the launching of Windows7.

Such despise towards their customers’ security has led me to ask: Does Microsoft care about their customers’ security less than they care about their good image? This experience proves the answer is yes. Microsoft has made the choice to keep their customers in ignorance and in the same time has put their systems at risk. This is yet another perfect illustration that proprietary software hijacks users: Microsoft is ready to sacrifice your security for their commercial purposes.

Is Free Software more securing?

While Microsoft is going to launch in a flood of propaganda advertisement its new operating system – Windows 7, an important security hole seems to have been quietly ignored. Microsoft has to make itself a better image towards users, after the more than mixed success of Windows Vista, which still has difficulty to replace the old Windows XP. So it’s not difficult to understand that the monopolist takes more care of packaging than it takes care of security.

Free as in Freedom operating systems are not perfect, however I think we have the right to say Free Software is more securing. Here’s why. First, the source code is open, which allows any pertinent entity (be it a developer, an IT security agency, or a competing company…) to identify holes – and to fix them. Second, Free Software does not create monopolies, it participates on the contrary to a better repartition of tasks. i.e., there are several versions of Linux, several operating systems based on GNU and Linux, several vendors or communities and several shippers. And this collaborative development needs transparency. All these different actors ensure that every single level of development of the system is under control.

This is a major difference with development model typical for proprietary systems where the repartition of tasks is possible, but where there is no diffusion of responsibility or power. Every actor keeps the exclusive control over its software and thus over probable security holes. This results in really important issues, especially when one company holds a monopoly and abuses its position over such an important market as desktop software. Every single user of Microsoft products are strongly dependents on it. Resolving problems can only be done if Microsoft wants to. Unhappily, in such an overwhelming structure as Microsoft, if marketing is considered more important than security, it is the user who will pay.

So here are some incidents due to security issues with Microsoft softwares, that were mentioned since October 1.

It does not only concern operating systems and big infrastructure, but also basic software as web browser, which are used everyday by billions of people. Here again, Microsoft takes its time.

About the subject

I am not the first one to talk about this issue of course. If one wants deeper explanations, he should find details in this article: Why Free Software? Look at the numbers! or also, Computer viruses are caused by Proprietary Software.

Anyway, what’s important before security or technical issue, is trust and control.

It’s our duty to take care of our own security

Finally, I’ll say that Free Software is not more secured itself. But by giving the freedom to study the source code, to improve and to share modifications, Free Software gives its users the power to take care of their own security instead of giving it up to someone else.

It’s not a coincidence if Free operating systems have excellent tools to grant users privacy and intimacy, like GnuPG or OpenSSH.