How To Make More Secure Software

ZDNet UK - News - Patching 'still too difficult'

I don't know why patching is a viable system at all. If any other product hits the market with serious defects, it gets recalled. But software, no matter how full of defects, gets only a Band-Aid and a "Sorry." No refunds, no replacements -- the process isn't even convenient.

I realize the software market is competitive (wherever Microsoft isn't involved, that is), but do release cycles really need to be so quick? How many people actually upgrade their software beyond when they upgrade their computer?

Microsoft actually provides an example. So many people (especially corporate people) still use Windows 98 that Microsoft couldn't go through with discontinuing support for the OS. True, they charge for its support now, but they couldn't force people to upgrade. At Scott's old office, the computers had a mix of Windows versions, with the vintage depending on the computer's purchase date.

Microsoft did, I think, get a lot of upgrade purchases when it released Windows 95. But Windows 95 was something of a revolutionary operating system on the PC platform -- it copied the Mac. The previous version of Windows, 3.11, was the first usable version, but it was nothing compared to Windows 95. Windows 98 and all subsequent versions were just refinements of the basic user-interface system. And there were plenty of people who didn't like those refinements since they increasingly tied Internet Explorer into the interface. However, once Microsoft releases a new system, all new PCs get it, and who still uses a pre-1998 computer?

I think if companies were to stop the horrendously fast upgrade cycle and make sure their software was bulletproof before releasing it, we'd have a much safer Internet. It's not like Dell will stop buying Windows if Windows doesn't get released every two years.

Of course, that's not to say I believe Microsoft's delays in releasing Longhorn (the next version of Windows) are due to them beefing up security. I just get the impression that they're having problems something like Apple did when it had it's next-generation OS, Copland, in development. After so many delays, the system ended up never seeing the light of day (except for a few features that got incorporated into Classic OS releases). Thus Apple ended up purchasing NeXT and its OS to create OS X.

Who knows, maybe Microsoft will give up on Longhorn like Apple gave up on Copland and turn to building a system on top of Linux like Apple built one on top of BSD. And then Unix will have taken over the world.