Microsoft must face up to demon

Microsoft's "trustworthy computing" campaign, like so many other Microsoft launches, is little more than marketing.

Round about now the burst of spring software code cleaning ordered by Microsoft boss Bill Gates will be coming to an end. Gates instigated the clean-up in January when he said the company was to make “trustworthy computing” its priority, ahead of adding endless features to its software.

Thus began what was to be a month-long halt to new code creation as Microsoft developers were told to check existing code for defects. This was to apply to everything from desktop operating systems to .Net tools and, in the case of the next version of Windows, was to involve an "intense review of the Windows source code", a Microsoft spokeswoman said.

While the spring cleaning was under way at HQ in Redmond, Gates despatched the Microsoft diplomatic corp to far-flung outposts of his empire to explain what trustworthy computing was. Craig Mundie, technical head of advanced strategies and policy, mounted his horse for the long ride to Adelaide (where he addressed the IT congress headlined by Bill Clinton) and then Auckland, where he was due after Computerworld went to press. (Mundie will be remembered by open source proponents as the Microsoft executive who last year dared attack freely distributed code for its incompatibility, its threat to intellectual property and for being an all round bad business model. One wonders if, these days, he can see its benefit as a way of getting collaboration on fixing bugs.)

Mundie was to talk to the IT press while in Auckland and, according to the invitation, would pass on “what the IT industry, government bodies and businesses around the globe are doing to ensure that our computing environment becomes as trusted as everyday essential services like electricity and telephones”. Which is interesting because, in the minds of many, a large part of the reason computing is considered untrustworthy is entirely down to Microsoft, not the IT industry as a whole, nor government bodies, nor businesses around the globe. Nobody would argue with the need for Microsoft to pay more attention to making its products trustworthy, but this sounds more like an attempt to duck responsibility.

Computerworld’s been witnessing another example of the same tendency in relation to a strange glitch that reporter David Watson experienced with his Hotmail email account.

When Watson happened to glance in his sent folder at the end of last year, he discovered 10 messages stored there which had nothing to do with him, but which showed him as sender. They contained a variety of sensitive information relating to several people with whom Watson had never had any contact, including bank account details and a document in support of an Accident Compensation claim.

More than a month has gone by since Watson sent Microsoft a please-explain. Explain it certainly hasn’t done, although it has evaded most athletically. It was left to the MSN Hotmail team to field Watson’s query and its first suggestion was that since his password was known to someone else – me, as it happens, so I could access a work-related message once in Watson’s absence – his account was clearly compromised. Well, maybe, except only Watson and I ever knew the password.

The Hotmail team’s fall-back position was that some ISPs, including in Australia and New Zealand, sometimes cache web pages for faster serving, and Watson might merely have been served pages containing messages that didn’t belong to him. This, however, the team went on to say, was “not a security issue of MSN Hotmail”. (You wonder who they supposed it might be a security issue of then, because MSN partner Xtra wasn’t owning up to it either.) The other problem with this suggestion is the messages remain in Watson’s sent folder; their appearance there is not just an image of a page whose contents he can’t actually access.

The most plausible explanation of what might have occurred is that a Hotmail programming fault or a data transmission error is to blame. But Microsoft didn’t come up with that; Iain Walmsley, a reader from Palmerston North, did. It seems likely that Watson was a victim of a Hotmail bug first identified late last year, so when he queried Microsoft about the strange goings-on with his account in January, it should have been well aware of the cause.

The company’s response to efforts to solve the mystery, and Mundie’s apparent unwillingness to accept that Microsoft must shoulder most of the responsibility for computing’s untrustworthiness, suggest that this campaign is like so many other Microsoft launches – little more than marketing. As any therapist helping someone overcome a long-standing personal problem will tell them, they won’t get anywhere in resolving it without acknowledging that the demon exists.

Doesburg is Computerworld’s editor. Send letters for publication to Computerworld Letters.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags trustworthy computing

More about BillHotmailMicrosoftMSNXtra

Show Comments