Tuesday, February 15, 2011

Windows users: it's your problem now

Microsoft Vice President Scott Charney, a longtime advocate of a coordinated approach to cybersecurity, describes a vision of Internet health:
"We broke Windows. It's your problem now."

At least, that's how I interpret his comments. Charney wants to have users pass a kind of "health test" for their computer before they can use web services.

"Security is not a problem that can be addressed fully by individual consumers, or even individual companies or governments. That is what led to the development of my public health model proposal, which calls for collective defense against cyber threats," he said.

Charney uses a public health model to support his new idea. Basically, in order to access web services (say, your bank - or cloud services, maybe even social networking like Facebook) you first need to let the provider run their virus check on your computer. Intrusive? I think so. Would you let a web site run their code (virus scan) on your machine before you are allowed to use their web application? I think I smell more malware coming.

Let me take the "health" idea in a different direction: it's like safe sex. Previously, wise PC users used a sort of "computer condom" (anti-virus software, firewall, etc.) That worked pretty well, and was really aimed at preventing infection. Like a condom, see? Microsoft's Charney now wants to change that, so that you can go play with whomever you like, but you should make a "good health" claim first. Charney suggests you can opt out of a scan, but there will be consequences.

Yeah, right.

To me, this is just passing the problem on to the consumer. That makes me wonder - does Microsoft even intend to address the gaping security holes in Windows anymore? Maybe the Corporate Vice President for Trustworthy Computing should suggest a different approach: make Windows more secure, more "trustworthy".

But maybe that's just me.

Instead, I see Charney's statements as raising the TCO for running a Windows system. Corporate IT can probably absorb this without too great an additional cost, but home users may quickly find the constant barrage of "let me scan your PC before you can access our web site" to be annoying. That would make for an interesting sea change.