We create safe software

May 3, 2006 on 11:23 am | In Computing

Since Microsoft is talking about releasing Vista (on Armageddon Day, probably), they keep talking about how safe it is going to be. The fact is that Microsoft is constantly lagging on the security of its products; compare, for example, Internet Explorer vs. Firefox or Outlook vs. Thunderbird.

However, besides lagging technology-wise, Microsoft is also doing a poor job of picking good default values. The latest episode hit me just minutes ago when I was configuring Microsoft Outlook 2003 at my new job. By default the message preview was turned on, so I turned it off to avoid having insecure emails loaded when I click on them for removal. When I had a quick look at my sent mail box, the preview was back again, and I realized that the preview setting has to be modified for every folder. Okay, that can be done. However, guess what I found when I clicked on the Spam and the Quarantine folders? You guessed correctly: preview was enabled by default in these folders, too.

IT security can be achieved by very complex and cunning programs with detailed rules and heuristics, yes. However, it can also be achieved by setting conservative default values that require a user to unlock a certain function if he/she really wants to use it. This approach is rather low-level, user-centered, and very cheap to implement, yet Microsoft fails to do it properly. This episode just confirms in my eyes again that Microsoft may not lack good software developers, but they lack a good, unified and comprehensive security culture. Who can still sanely trust this company?
