Thought for the day: Placing trust in trustworthy computing

After a summer of worms and viruses, our confidence in Windows seems to have dwindled as we question whether trustworthy...

New Asset  

After a summer of worms and viruses, our confidence in Windows seems to have dwindled as we question whether trustworthy computing really does exist, says Simon Moores.




Trust has, like cornflakes,  become a commodity. In the dictionary it is defined as "firm reliance on the integrity, ability, or character of a person or thing".

Place computing and trust together in the same sentence and tell me if it feels right. Is there such a thing as "trustworthy computing", or has Microsoft made a mistake by placing so much emphasis and indeed, its credibility, on the "T" word?

The other evening I happened to watch The Green Berets, a Vietnam war film starring John Wayne.

It struck me while watching the film that there was an analogy for me to draw upon from the story.

One side, led by the heroic Colonel Kirby (played by Wayne) relies on a heady mix of optimism and overwhelming firepower to keep the enemy outside the barbed wire perimeter of the jungle camp.  “What,” says Kirby, “happens if Charlie hits this camp before it’s completed?”

Charlie, you see, has a habit of sneaking through the wire at night, and I’m equally reminded that Microsoft has spent the equivalent of a small country’s GDP trying to build more "trust" into its products, and as fast as it patches, the enemy sneaks in.

So the enemy continues to find its way through the gaps and, as long as these gaps keep appearing in Windows or even Linux, then any real suggestion of trust in the computing space remains an out-of-reach abstraction.

Have the events of W32 Blaster, Sobig-F, Welchia and more, irreparably damaged our confidence in the Windows environment? Or are consumers and businesses more likely now to recognise that we are caught in the crossfire of an undeclared war for control of cyberspace, where Windows just happens to be the most prominent and often, the most vulnerable victim?

It may not matter that this month’s statistics suggest that Linux is now the more popular target, because most of us depend on Microsoft plugging the gaps in its software perimeter before Charlie exploits them on our servers.

Can patching ever work efficiently? I’ve heard it suggested that Microsoft should send every customer on the face of the planet a CD with the latest patches and service pack. This may seem like a good idea, after all, I would be online all day from a dial-up connection updating my four PCs. But by the time the CD arrives in the post, there would probably be something else to worry about.

I don’t believe that businesses are prepared to let software companies take patching to its logical conclusion and patch their systems automatically through an evolution of Windows Update.

Interoperability still remains a myth in this business, and patches which can, and often do, carry errors occasionally wreak havoc on expensive and mission-critical production systems and, occasionally, even desktop PCs.

Was this summer an unfortunate hiccup, and is Microsoft’s Trustworthy Computing campaign, while bruised and bleeding, still relatively intact in both principle and practice?

Can patching ever work effectively enough to stop Charlie creeping through the wire and causing the multimillion-pound levels of business interruption seen this summer?

What do you think?

Can we ever expect to totally trust our IT systems? Tell us in an e-mail >> reserves the right to edit and publish answers on the website. Please state if your answer is not for publication.

Setting the world to rights with the collected thoughts and opinions of leading industry analyst Dr Simon Moores of Zentelligence.

Acting globally, Zentelligence (Research) advises governments, suppliers, business and the media on the evolution, application and delivery of leading-edge technologies and specialises in the areas of eGovernment and information security.

For further information on Zentelligence and its research, presentation and analyst services visit

Read more on Antivirus, firewall and IDS products