Security Religion Comes to Redmond

Two articles at eWeek, Darryl Taft's "Microsoft Increases Security in Visual Studio 2005" and Dennis Fisher's "Changing Monthly Patch Habits with Microsoft", emphasize how far behind the adoption curve Microsoft has been on security and its related reliability and availability. But we, as consumers, knew this all along. I remember at a PDC conference getting the following advice on persistent blue screens of death with Windows 95 or Windows NT and Visual FoxPro. No, it was not some sophisticated registry adjustments. Nor was it some updated .DLL files. No, it was to reboot immediately whenever FoxPro hung – don't try to recover. And if the problem persisted, reinstall Windows and Visual FoxPro to get a clean Registry and install image. Later, at a 1999 tech conference, I sat in on a discussion of exception handling with VC++. The gist of the discussion was when to use the two different try/catch/finally schemes in VC++ and how to approximate exception escalation. A little later, the discussion in the VB seminar was how to approximate try/catch/finally exception handling without having the appropriate commands.

I remember both discussions vividly because someone in a panel discussion earlier in the day had the temerity to suggest that Microsoft had delivered “just good enough” software, to which the Microsoft member of the panel took great exception, citing all the extra efforts his staff took in delivering their product. And I am sure that was true. But the fact of the matter was that for a client at that very same time Windows ME was making programs and devices that used to work – totally inoperable; but I did not bring up the topic. Nor did I suggest that Microsoft was behind the curve on basic security measures and functionality in its programming languages and development tools.

So OS/2 had the security, availability, and reliability that maybe XP and Longhorn more than ten years later will start to deliver. And HP/UX, Sun Solaris, and Linux have the reliability, scalability, availability and security that Microsoft defiantly says Windows Server 2003 can also deliver despite the evidence. For example, high-transaction enterprise developers shy away from it except for highly controlled implementations. But perhaps of most concern is that Microsoft is using for the first time in a major way its own agent of change – its development tool of choice to deliver security, reliability, availability, etc.: the .NET Framework. But only with Visual Studio 2005 and SQL Server 2005 will Microsoft “eat its own dog food” and use .NET in a major way in delivering major products.

Now I am a Christian person and welcome Microsoft into the -ties fold. Security will be born again in Redmond so we won't have to have monthly security updates that make administration of Windows Servers less costly than their Linux counterparts – “Praise the Lord”. Reliability and availability will be baptized with newfound PREfix, PREfast, and FxCop tools to make certain Outlook won't seize up and Exchange will be a good messenger bearer – “Hallelujah and Hallelujah”. Programmers everywhere, including in Redmond, will learn and adhere to the new gospel and commandments of the Security Design Lifecycle and security and reliability will at last be bestowed upon all that emanates from 1 Microsoft Way – “I believe, I truly believe”. I am secure in my beliefs because the best Christian is a born again Redmond Software and Secure Christian.
Amen.

(c)JBSurveyer