Microsoft can’t give away better security

Microsoft Australia has made a plea to its users: please, please use more of our free security stuff, even if it means they’ll waste time on social networks

I’ve been hanging around IT journalism for 15 years, but I’ve never quite had an interview like this one before: Microsoft can’t understand why you don’t hurry up and adopt its new, free, and more secure products.

I learned this factoid over coffee with Stuart Strathdee, the company’s Chief Security Advisor for Australia. Stuart wants you to adopt Internet Explorer 8, because not enough of you have done it so far.

He’s not entirely sure why, but feels that perhaps compatibility with some older applications is holding you back. “One or two old versions of PeopleSoft and SAP” don’t play nicely with IE8, he says. He also says some CIOs like the fact that IE6 is bad at AJAX, as this means some social media sites become less usable, a de facto block some appreciate. Some developers, he adds, are also being told to develop for IE6.

I put it to Strathdee that perhaps many IT departments have invested a lot of time and energy hardening environments built around IE6. Such users know IE6 offers less-than-stellar security, but are confident with the hardening they have undertaken and have little desire to re-invent the wheel.

Strathdee counters that the improved security afforded by IE8 is worth it, even if your ERP needs a tweak. “The scope of work to upgrade ERP is very small compared to creating workarounds for IE6,” he asserts. In any case, various features in Windows 7 make it possible to use virtualisation to run IE6 more securely if it remains necessary to do so, while you use IE8 for day to day browsing.

At this point in our conversation I remark that it is profoundly odd to be talking about slow adoption of free software that is faster and more secure than its predecessors.

Strathdee agrees, then tells me Microsoft has the same problem with its free antivirus tool Security Essentials.

“We are getting good downloads, but less than expected,” he tells me, going on to explain that it is actually the most advanced security product Microsoft offers. “Security Essentials uses the next-generation Forefront engine,” he says, explaining that the engine in question is not yet sold with Forefront but has been built into Security Essentials.

At this point I’m reminded of a question I put to Symantec CEO Enrique Salem when he visited Australia in December 2009. I asked Salem if Security Essentials had made any impact on Symantec’s business.

“None at all,” was his firm and instant reply.

Which leaves Microsoft unable to give away its best security efforts, a very odd state of affairs indeed!


Read more on Security policy and user awareness