The following text is copyright 2002 by Network World; permission is hereby given for reproduction, as long as attribution is given and this notice is included.


A trustworthy computer company?


By Scott Bradner


In a revelation which is being likened to the one preceding his 1995 email message that told the folk at Microsoft that the Internet was something to keep in mind, Bill Gates now understands that security would be a good thing in Microsoft products.  In an email message sent to Microsoft employees, Gates pushed the philosophy of "Trustworthy Computing" and exhorted the employees to keep security foremost in mind when creating new programs.  This is good stuff; it is sad that the revelation is about a decade late, but, if he can get the Microsoft rank and file to pay attention, it will be very good for the Internet.


It's not that there have not been signs that Microsoft had badly missed muster when trying to balance the desire to make their software easy to use and the need to make it somewhat secure.  The many millions, or, if you believe the trade press, billions of dollars that businesses, in the US and around the world, have spent cleaning up after a seemingly never-ending series of email-based viruses should have provided a hint before now.  So should have the security patch of the week that needs to be applied to Windows systems to keep high school hacking clubs from taking down corporate America.  It's interesting that the Gates memo does not mention the ease of use problem with security - it mostly focuses on adding features: "when we face a choice between adding features and resolving security issues, we need to choose security."  This is the right thing to do but it's not enough.


If Gates can get Microsoft to follow through on his memo, future generations of Microsoft software will be much more secure and the 'Net will be a more secure place as a result, but it will not be easy.  Press reports say that internal Microsoft security teams have been told by some product developers to not bother them.  But Microsoft does have some advantages: other press reports say that salary and bonuses for Microsoft applications developers will be tied to the security of their products.


Gates does seem to understand that Trustworthy Computing is not just about security.  In his memo he lists availability, security and privacy.  To me it's a bit worrisome that he includes a comment in his paragraph about availability that there should be "service resumption without user intervention in almost every case."  I'd rather the stuff did not crash in the first place.  I am happy about his aim on the privacy front: "Users should be in control of how their data is used," although this might not be totally in sync with some of the recently reported features of Internet Explorer and Windows Media Player.


Trustworthy Computing, Gates says, "is computing that is as available, reliable and secure as electricity, water services and telephony."  That is a tough goal considering where Microsoft is today but it's the right thing to strive for.  I just hope they can do as good a job of this as they have in making their software overly helpful.


disclaimer:  Overly helpful is what some people say about Harvard but this memo review is mine alone.