One of the interesting things about heading home or to CO for the holidays is the feedback I get on how Microsoft’s security efforts are going. One of my many roles – whether I like it or not – is default systems admin for my family and friends. Wherever I head, I check out machines: are they patched, are autoupdates turned on, etc.? Is the machine spyware-free? If there’s a broadband connection, is there a local firewall in place? Is their network secure?
Unfortunately, the answer generally is no to all of the above. The reason for this is quite simple, and my friend’s wife said it best – “it’s just too hard.” Microsoft is improving in this area, but for most users, properly securing a Windows box is still just too hard. Even Windows Update is confusing. If I were Walt Mossberg I might tell them to move to OS X, but for many, if not most, this is simply not realistic. And of course, I’m not Walt Mossberg, so I’d tell them Linux 🙂 Windows is, for better or worse, what they know and what they will consent to use.
As a result, news like Mary Jo has today is a very welcome development. But frankly, Microsoft still has a ways to go, and they’ve set a few precedents that will be difficult to break. OS X, for example, asks for an admin password at application install time; Windows does not. When presented with an install password, many Windows users are incensed. The problem is beyond developing more securely; user expectations and experiences need to be addressed as well. Of the two areas, the latter might ultimately be harder to fix.