Tuesday, October 05, 2004

How to fix Microsoft's security issues

While this may seem to be a very pompous title, I believe that what I am about to suggest is the best route to better (not perfect) security for Microsoft. We all know what a scourge hackers, malicious bots, worms, viruses and military operatives (yes, I'm serious) are to daily computer use. Face it, you are a target for a very wide gamut of attackers, from script kiddies to 'information managers' in the communication divisions of your local military.

Microsoft no doubt cooperates with the American military, ensuring that America's information interests are not 'compromised' by too-good security and encryption. This is not the problem that we hear the mass media baaay on about. Rather, the issue is all about the annoyance and data loss problem, which ironically is also a problem for the military's surveillance, since what is lost can't be spied on.

So, how does one fix this problem? Well, Microsoft has chosen to stop all development work to train and upgrade the skills of its massive population of software developers and to make them aware of how to write code that is less prone to security holes like buffer overruns. So, as we develop new software this MIGHT help make new systems less susceptible to script kiddies and older attack methods, but it does nothing to secure the mound of code that is already out there in the wild. There is, apparently, a small group of developers in Redmond working away to tighten holes as they are reported to Microsoft by 'white-hat hackers'. This is closing the barn door only after someone tells you that the horse is gone. It isn't a systematic search and repair of the barn. Worse, if nobody tells you about the open gate, there is no assurance (to users of Microsoft's products) that the gaping hole will ever be shut.

The fix is simple: provide attackers, crackers, hackers and even the pimply-faced fourteen-year-old script kiddies with a financial reward for being the first to document and report a security breach. By providing a generous reward (say $10,000) you could fund the discovery of 100,000 security holes in Microsoft products with just a billion dollars. This may sound like a lot of moolah, but when contrasted with the cost (lost revenue) of global business abandoning the Windows platform for something that is perceived as more secure, it is cheap insurance. The best benefit is that Microsoft would then be able to go to a world of users and declare that it is really serious about security and the elimination of vulnerabilities that exist in its products.

This is key to defeating the LINUX threat, as there is nobody dangling $10,000 for bug fixes to the LINUX kernel or various open-source products. One's name on a contributors' list pales in value when compared to cold, hard cash. The goodness of one's heart and a passion for a faith (in this case, open source software) are almost always co-opted by money. Love doesn't feed one's children.

Of course this is not a perfect solution (is there ever one?), as not every hacker, cracker or script kiddie will want to help Microsoft. These people can't be bought with money, which is the only thing that Microsoft can offer. They are akin to religious zealots who will die before dealing with the devil. The only way to battle against these zealots is to continue to promote the benefits (financial, and perhaps popularity via naming names of contributors, if that is appealing) of working with Microsoft.

Microsoft must find a way to 1) secure its products from the attacks that erode its perceived security and 2) eliminate or decisively hobble its prime threat, which is LINUX. Money and fame are the two tools that it has at its disposal, and they are the best way to decimate the camps of the enemy open source movement. Unless this camp is defeated, the slow, steady march on Microsoft's territory will continue until Microsoft has little ground left.

Speaking of which, what about military eavesdropping? How can this threat be eliminated? It can't, and won't be, by an American corporation like Microsoft. This is the real new battle-front, and it will be hidden as long as possible by the mass media, as there is no security benefit to making the public aware of the spying that the government does. For those who want true freedom, those 'true believers' who hate Microsoft, America and all that our world is at this moment, there may appear to be two options: 1) abandon all high-tech and revert to a more primitive existence, or 2) embrace alternatives, such as LINUX. Of course, this doesn't prevent contributions to the Open Source movement by military operatives, inserting surveillance capability into OSS software.