Security Adviser | Roger A. Grimes

March 01, 2006

Why does Microsoft allow IE to remain so unpatched?

What I'm wondering these days is why Microsoft allows IE to stay so unpatched all the time.

To most people, IE is Microsoft. It is the face of Microsoft's security efforts. Forget the billions of dollars spent on security over the last few years. Forget the incredible successes of IIS 6, W2K3, XP SP2, SQL, and a hundred other products. IE gets exploited monthly. Currently 23 of the 93 vulnerabilities remain unpatched (according to www.secunia.com). That percentage hasn't changed much over the years. It is the one fact that I cannot dispute with critics. I have to shut up and just acknowledge it. No other browser has similar statistics.

True, most unpatched vulnerabilities are non-critical. But a few are somewhat concerning, even though they are ranked unimportant by Microsoft.

If IE is the face of Microsoft to most people, and especially to its critics, I constantly wonder why Microsoft doesn't make better efforts to secure IE. Forget the idea of somehow making it more secure by default; I'm talking about fixing more known holes more quickly. I can only assume that IE's product managers have made a conscious decision to accept 25% outstanding vulnerabilities as a reasonable benchmark on a cost-benefit risk analysis. A Microsoft effort to be more timely overall on IE vulnerabilities of all types would do much to further Microsoft's growing security reputation.

And I've somewhat given up on IE 7 being the panacea, as most of the recent exploits work in IE 7 as well as they do in IE 6.

Just hoping one day.

Posted by Roger Grimes on March 1, 2006 05:03 AM


COMMENTS

Indeed you are right and most of us who look at reality directly know this. That is why all my clients get a special treatment. You want to run Microsoft browser? It will cost you more. Why? It's a lot of work for everybody to make it somewhat safe. You want to pay less and have products that are safer? Great, you will save money with my services and I will have more time to work on really interesting projects without having to clean up Microsoft's mediocre efforts. They are putting too much effort in marketing instead of spending more in R & D.

90% of my clients use Firefox and some use Opera. I just have fewer problems. Only rarely will we allow IE to open up, and mostly through the Firefox IE View extension.

We do have the power to choose and let our choices be known. Don't use bad software from unresponsive companies when others do better.

Now let's focus less on Microsoft and more on the alternatives.

Thanks,

Nick

Posted by: Nick Zart at March 2, 2006 02:10 PM

Nick,

Thanks for writing.

I agree, I am talking too much about Microsoft these days. I've been playing with lots of open source things that I need to talk about as well...including Backtrack Live.

But the truth is that none of my clients get hacked or infected using IE or Mozilla or Safari. My clients don't have a problem if they use a little common sense, stay patched, and don't click on suspicious emails and URLs.

Microsoft has spent $1B on computer security. That's the most by any software company, and the biggest percentage of expenses of any software company, so it's inaccurate to say they care more about marketing than security.

Hack IIS 6 lately? Hack SQL server lately? Hack W2K3 server lately? Didn't think so. IIS 6 and W2K3 have been out since March 2003 without a single major exploit. SQL hasn't been exploited since Slammer.

You're a FF/open source supporter apparently. But the real answer is that both Windows and IE can be just as secure as Firefox and Linux, and I would argue it's easier to secure Windows machines...because of group policy and the plethora of free excellent patching options.

IE had fewer exploits and fewer critical exploits than Firefox last year (17 to 22). Guess who has had more exploits this year so far? IE has had 2 (http://secunia.com/product/11/?period=2006#statistics). FF has had 7 (http://secunia.com/advisories/18700).

I've got a legitimate gripe that IE has too many unpatched exploits, although most are not critical. I can't get half the IE exploits on www.frsirt.com and www.metasploit.org to work...so I'm not sure that all the reported exploits actually work.

But in the same vein, I don't dog Firefox for having a larger number of exploits in the past 14 months, even though its market share is only 5-12%. I didn't come out and say that IE sucked or shouldn't be used any more than I said Firefox was better...because it isn't. Each browser has its advantages and disadvantages. Want a more secure browser with fewer vulnerabilities? Opera (as some of your customers are using) is a better choice than FF. What about Konqueror or Lynx? Why isn't everyone using Lynx? Oh, that's right, it doesn't have enough functionality. As functionality increases, so does complexity, and so too does the number of exploits...usually. But why does FF already have more exploits than IE?

Hey, thanks for writing, and don't take what I say without fighting back. Write back.

Posted by: Roger A. Grimes at March 2, 2006 03:26 PM

Thanks Roger,

You raise good points. I'm not an open source advocate, though I believe open source has its place. I was slow using Linux like most people. I still don't run it, though some distros are very good for beginners and mild users. I still use my Mac for everyday use and, believe me, in the real estate world, where 99% of everything is Windows-centric, it takes a lot of courage or stupidity.

It's true that FF had more vulnerabilities lately than IE, but FF has been quicker to respond than IE, am I correct? IE's strength is its integration with Windows, and securing it is more modular than what we can do with FF. In a world where functionality overrides security, FF and Opera have more user appeal than IE has (yes, the infamous tab browsing for instance, etc). Opera is still my preferred browser. But IE is a better enterprise browser. What about small businesses, which make up the bulk of our economy? They can't practically rely on a monster like MS that is geared for big corporate infrastructure. Hmm, can anyone spell Windows light?

You actually nailed it on the head by saying: "My clients don't have a problem if they use a little common sense, stay patched, and don't click on suspicious emails and URLs." This must be my shortcoming, but most of my users are not well behaved and will always want to see that email with a naked Britney Spears in it no matter how many times they get slammed and how many times I tell them it costs them money. My NY businessmen don't care; they want to play with it and give you money to fix it. Absolutely absurd ;) I know this is my problem on educating them.

The fact that Microsoft spends $1B in security is both great and laughable. Great that they are finally taking their security mess seriously. But why in the heck did it take so long to do it? Could it be they were going after market share and buying companies to establish their dominance, and clearly had different priorities than giving consumers a good all-around platform? Would I have been happier with a weaker Windows market share but more security? We can't rewrite history, but I would have been happier if Microsoft had tightened their act way back in the Windows 95 years. Ultimately, I see MS as selling us a foul-tasting meal and then selling us an Altoid with a smile. Unfortunately, they can't reinvent the wheel and redo their OS from scratch. Yet a few companies had enough guts to do just that: BeOS (OK, it failed, but not without an arm wrestle with MS) and Apple's switch to Unix, and yes, with under 5% market share that is easier to do.

Yes, it is inaccurate to say they care more about marketing than security today, but they used to, and after locking down the desktop market, they can now focus on real problems, 10 years too late for me. People lost a lot of money, productivity and time while MS was hunting new markets without taking care of their security holes. In this respect, they are exactly like most American corporations: greed-driven, bottom-line people.

I guess it's not clear to me where they are heading. Talks of trustworthy computing are all great but results are better. Yes IIS, W2k3 and SQL have done very, very well. How come MS doesn't tout that? Do they feel they still have full confidence? I hope not.

And I guess the bottom line is that as functionality becomes better, people expect more (or are they being fed more without thinking?), and consultants end up tightening up the security from vendors who didn't think it worthwhile. I would have been happier with a tad less functionality and more security so that it becomes balanced. Oh, wait a second, I am describing OS X here, without the market share. The problem I see as a consultant (soon ex-consultant) is that I became the interface between Microsoft's lack of security direction and my clients. I had to deal with it so that my clients could use their computers.

Lastly, why does FF have more vulnerabilities than IE? Is it the same thing as when MS was saying Windows was less vulnerable than Linux because they took into consideration every major distribution of Linux for one security issue? I don't know the answer, and I trust you would know. And of course some holes are critical, some not. IE has the advantage of being tied to its operating system; FF doesn't. It's easier for MS to work on IE than for FF to work on its product.

Hope I am somewhat making sense. I love a good talk like that.

Ah the days of Lynx... Hey, wouldn't Lynx have been great for reading blogs?

You know, in the end, I started in this industry to help people better use their computers. Very soon, I ended up cleaning MS's mess and troubleshooting most of the time. It just isn't fun or challenging to face the same MS problems time after time when they know what is going on. So they rely on us to bring it out to the market, pooh-pooh us when we criticize them and then try to wine and dine us for yet another OS upgrade. Frankly said, MS took the easy way out by bullying everyone else. I hate using words like that because it is so emotionally charged in journalism.

Thanks Roger. I don't think you talk too much or not enough about MS. I just see people around me gagging on marketing fluff.

Nick

Posted by: Nick at March 4, 2006 06:05 AM