Software accountability and the future collapse of Microsoft
It's Friday, and I've been mulling over the headlines and articles coming out of the RSA Security Conference all week. Here's a rather long and I hope sobering take on what's been going on with security and Microsoft and what it means.
Richard Clarke, former counter-terrorism advisor and author of the book Against All Enemies: Inside American's War On Terror had a fairly pointed comment on Microsoft yesterday at the RSA Data Security Conference:
Blackfriars has previously noted the unique lack of accountability for all software companies in a previous opinion piece, but we would have to agree with Mr. Clarke that Microsoft is one of the worst offenders in this area. After all, it is now 2005, and Bill Gates declared security to be Microsoft's highest priority in 2002. In that period, almost nothing has changed, except spam is now more prevalent, viruses arrive in mailboxes every day, and worms are now an urgent and ever-present threat to Windows users. And it is only this year that Microsoft even started considering issuing a new version of its non-standards-compliant Internet Explorer. Three years without a version update despite numerous security threats isn't complacency, it's outright neglect.
So what does Microsoft do? It doesn't fix the problems in Windows. instead, it buys companies that sell add-ons for Windows and makes users download and install them. Worse, in some cases, it adds DRM restrictions to ensure that these products only are downloadable by people who it can confirm have the latest version of Windows and have valid license keys. While this is very nice for Microsoft's business model, it doesn't do much for overall Internet security. And it leaves customers feeling that the company cares more about its billions in profits per quarter than about its customers.
We're not the only ones who have noticed this. Gartner Group has slammed Microsoft for tying security to upgrades. Michael Malone writing for ABC News has made a call that he can smell the decay that comes with dying companies, and that he is beginning to get some whiffs out of Redmond.
This is one of those tipping-point branding problems. HIgh-profile brands can take a lot of punishment without the business going south because consumers remember what the brand stands for instead of the news. Johnson and Johnson handily survived its Tylenol scare because it communicated to consumers what it was doing about the problem quickly and clearly, and then followed up with quick action. But what is happening with Microsoft is that for the past five years, it keeps claiming it is addressing its security and quality problems, but by the time it follows up, there are just more problems. The brand is accumulating tarnish faster than it can get rid of it. And now you have both anti-terrorism experts like Clarke and entire government agencies like some of those in Brazil asking, "Why should we buy from a company that just doesn't care?"
You can already see the cracks in the brand getting wider. Forrester CEO George Colony wrote an apology letter last year saying he always thought Apple was an also ran, but that Jobs was delivering on the promise of a digital future better than the mainstream PC world was. And Charles Cooper over at CNET just switched from Windows to a Mac this week and claims he will never look back. If died-in-the-wool, typically-Microsoft-defending PC users are abandoning Microsoft, who is going to stand up for the company? Who will buy its products? Who will buy its stock?
On the products side, lest you think products like MSN or the XBox will save the company, forget it. Microsoft makes nearly all its profit off two products: Windows and Office. Everything else breaks even or loses money. So if there's no security for Windows and Office, MSN and Xbox won't matter. They are rounding errors on the margins of the other products.
When people start asking those questions, that's when the house of cards collapses. And when you look at the last question -- who will buy its stock -- the stock market already has an answer. Microsoft's stock price is less than half the price it was five years ago (aside: compare that with the stock price of Apple, whose death has been predicted 26 times over the last several years and whose stock price tripled in the last year). Microsoft has 11 billion shares outstanding, or nearly two shares for every man, woman, and child on earth. At some point, people will decide they have enough Microsoft stock, and when they look at the tarnish on the brand from poor quality products, bad security, and outrageous business practices, they will decide to sell it. And with 11 billion shares outstanding, even Bill Gates won't be able to keep the stock price up. And millions of people will be hurt by the collapse of Microsoft stock, because it is a core holding in nearly every US mutual fund, and many international ones.
Brands matter. Bad business practices hurt brands. Consumers and companies ignore those rules at their peril.
Richard Clarke, former counter-terrorism advisor and author of the book Against All Enemies: Inside American's War On Terror had a fairly pointed comment on Microsoft yesterday at the RSA Data Security Conference:
"Given their record in the security area, I don't know why anybody would buy from them," the former White House cybersecurity and counterterrorism adviser said yesterday, when asked for his thoughts on Microsoft's forthcoming line of security software.
Blackfriars has previously noted the unique lack of accountability for all software companies in a previous opinion piece, but we would have to agree with Mr. Clarke that Microsoft is one of the worst offenders in this area. After all, it is now 2005, and Bill Gates declared security to be Microsoft's highest priority in 2002. In that period, almost nothing has changed, except spam is now more prevalent, viruses arrive in mailboxes every day, and worms are now an urgent and ever-present threat to Windows users. And it is only this year that Microsoft even started considering issuing a new version of its non-standards-compliant Internet Explorer. Three years without a version update despite numerous security threats isn't complacency, it's outright neglect.
So what does Microsoft do? It doesn't fix the problems in Windows. instead, it buys companies that sell add-ons for Windows and makes users download and install them. Worse, in some cases, it adds DRM restrictions to ensure that these products only are downloadable by people who it can confirm have the latest version of Windows and have valid license keys. While this is very nice for Microsoft's business model, it doesn't do much for overall Internet security. And it leaves customers feeling that the company cares more about its billions in profits per quarter than about its customers.
We're not the only ones who have noticed this. Gartner Group has slammed Microsoft for tying security to upgrades. Michael Malone writing for ABC News has made a call that he can smell the decay that comes with dying companies, and that he is beginning to get some whiffs out of Redmond.
This is one of those tipping-point branding problems. HIgh-profile brands can take a lot of punishment without the business going south because consumers remember what the brand stands for instead of the news. Johnson and Johnson handily survived its Tylenol scare because it communicated to consumers what it was doing about the problem quickly and clearly, and then followed up with quick action. But what is happening with Microsoft is that for the past five years, it keeps claiming it is addressing its security and quality problems, but by the time it follows up, there are just more problems. The brand is accumulating tarnish faster than it can get rid of it. And now you have both anti-terrorism experts like Clarke and entire government agencies like some of those in Brazil asking, "Why should we buy from a company that just doesn't care?"
You can already see the cracks in the brand getting wider. Forrester CEO George Colony wrote an apology letter last year saying he always thought Apple was an also ran, but that Jobs was delivering on the promise of a digital future better than the mainstream PC world was. And Charles Cooper over at CNET just switched from Windows to a Mac this week and claims he will never look back. If died-in-the-wool, typically-Microsoft-defending PC users are abandoning Microsoft, who is going to stand up for the company? Who will buy its products? Who will buy its stock?
On the products side, lest you think products like MSN or the XBox will save the company, forget it. Microsoft makes nearly all its profit off two products: Windows and Office. Everything else breaks even or loses money. So if there's no security for Windows and Office, MSN and Xbox won't matter. They are rounding errors on the margins of the other products.
When people start asking those questions, that's when the house of cards collapses. And when you look at the last question -- who will buy its stock -- the stock market already has an answer. Microsoft's stock price is less than half the price it was five years ago (aside: compare that with the stock price of Apple, whose death has been predicted 26 times over the last several years and whose stock price tripled in the last year). Microsoft has 11 billion shares outstanding, or nearly two shares for every man, woman, and child on earth. At some point, people will decide they have enough Microsoft stock, and when they look at the tarnish on the brand from poor quality products, bad security, and outrageous business practices, they will decide to sell it. And with 11 billion shares outstanding, even Bill Gates won't be able to keep the stock price up. And millions of people will be hurt by the collapse of Microsoft stock, because it is a core holding in nearly every US mutual fund, and many international ones.
Brands matter. Bad business practices hurt brands. Consumers and companies ignore those rules at their peril.