Microsoft’s task of securing its software was a huge undertaking, one that isn’t over yet.
One of the great, and possibly under recognised, business achievements of the computer age was Bill Gates’ recognition that Microsoft’s online strategy was flawed shortly after releasing Windows 95. A few years later he had to repeat the task when the company found its products were almost dangerously insecure.
In a sprawling account of the company’s response to the security problems at the turn of the century, Life In The Digital Crosshairs, describes how Microsoft’s engineers responded to their then CEO’s call for Trustworthy Computing.
The problems at the time were vast, compounded by Microsoft’s failure to take security seriously – the first version of Windows XP came out without a firewall which ensured thousands of users were quickly infected by the computer worms rampant on many ISPs networks at the time.
As the story tells, it was a long difficult task for Microsoft to change complex and interdependent computer code involving 8,500 of the company’s engineers.
One suspects the cultural challenges were even greater in getting the managers supervising the army of engineers to understand just how serious the security threat was to Microsoft’s users.
The biggest challenge though was Microsoft’s own product line; because the company hadn’t ‘baked’ security into its software, key products like Microsoft Office relied on lax security practices to work properly.
Office and Windows also had the problem of legacy code and applications; one of Microsoft’s selling points over Apple and other competitor systems was that the company took pride in supporting older hardware and software, this in itself creates security risks when programs designed in the MS-DOS days still want to write to the system kernel.
For Microsoft the journey isn’t over, although the shift to cloud computing has changed – and simplified – the company’s security quest by making legacy issues in Office and Windows less important.
Microsoft and Gates’ success in seeing off the threats posed by the internet gave the company another decade of computer industry dominance, however dealing with security issues was nowhere near successful.
In the end however it wasn’t security issues that saw Microsoft lose its dominance; the internet eventually prevailed as Apple revolutionised mobile computing while Amazon and Google improved cloud services.
With Bill Gates reportedly finding himself getting more involved in the company he founded, the challenges of both the internet and security are two that he’s going to be very familiar with. It will be interesting to see what we write about Microsoft in 2022.