Microsoft is spending February squashing bugs, making amends

'Trust is most often known in the breach. You get little credit for doing it right.'
RICHARD PURCELL

Microsoft Corp. software engineers are spending this month doing nothing but fixing bugs and security holes in the company's 20-year-old software product architecture.

The unprecedented coding stand-down is one of several steps the company is taking to make amends for products that have been full of bugs and security holes, said Richard Purcell, head of Microsoft's corporate privacy office. He spoke at a Washington conference hosted this month by the Privacy Officers Association.

Microsoft chairman Bill Gates 'is really annoyed by the incredible pain we put everyone through in computing,' Purcell said. 'We have to get this right.'

The company's budget for the next year will score development efforts according to a privacy index to ensure that privacy is built in from the beginning.

'If the index is not very good, the money is in jeopardy,' Purcell said.

An outside party will validate the privacy index figures, Purcell said, but 'we don't have any intention of releasing scores outside of the company. That is private information.'

Microsoft has long been criticized for buggy software and abuse of its dominant market share.

In January, the Electronic Privacy Information Center in Washington sent a letter to many state attorneys general complaining of a lack of privacy controls in the company's Passport, Wallet and .Net services.

Passport gives users a single portal for authentication and access to Web services. EPIC said the tool gives little protection against unauthorized use of information it gathers, and it has inadequate security against theft of the data.

Purcell characterized the accusations as 'unfounded misstatements of the way our services and technology work.' He said Passport is an authentication tool that does not track a user's activities after signing in.

Passport problems

EPIC also complained to the state attorneys general that Passport data cannot be deleted once an account is created.

'Deleting a Passport account can be a real problem,' Purcell acknowledged, because that would render personal data on sites accessed through Passport no longer available to the user.

'But if you are satisfied with that risk,' he said, it's possible to resubmit the Passport account form with garbage in the data fields to overwrite personal data, 'which is pretty close to deleting' the account.

Other complaints involve the Windows XP operating system, which takes a snapshot of the user's computer components at activation as a way of enforcing the company's software license for a particular machine.

Purcell said Microsoft does nothing with the captured component data.

'We don't care about your machine,' he said. The data is reduced to a one-way numerical hash used by Microsoft to ensure that its OS is run on only one computer.

Establishing trust in the privacy and security of Microsoft products could take a while, however.

'Trust is most often known in the breach,' he said. 'You get little credit for doing it right.'
