in

Ex-Windows boss Sinofsky: How pre-2K malware and lack of trust hurt Microsoft

A new book by Steven Sinofsky, the former head honcho of Office and Windows, details how early Office viruses, WM/Concept.A, Melissa, and ILOVEYOU, combined with Microsoft’s dominance at the time to shape its future and the worldwide PC market. 

According to Sinofsky, one of the main problems Microsoft faced in the early 2000s was that it had lost the trust of customers and lawmakers – and then ILOVEYOU struck inboxes on May 5, 2000. 

Windows 10

Just weeks later, a US federal court judge had called Microsoft “untrustworthy” and ordered it be broken into a Windows company and a separate software company – the most drastic outcome possible in Microsoft’s US antitrust lawsuit.   

Sinofsky, a controversial but high-achieving leader at Microsoft, left the company in 2012 after six years as head of Windows and eight years leading Office. These days he’s a venture capitalist and often tweets his thoughts on innovation and what makes and breaks hit technology products. 

His new book could well find an audience among execs at Amazon, Facebook, Google, Apple and at upstarts like Zoom, which has found new success due to teleworking under the coronavirus pandemic.

“Once trust wanes, everything you do or try to do is viewed through a lens of distrust,” Sinofsky told FastCompany in a Q&A about his new book, Hardcore Software: Inside the Rise and Fall of the PC Revolution. 

“The rampant viruses on PCs were bad, but the lack of trust amplified the impact, and it also put the need for action squarely on Microsoft. If we had not lost trust with customers, I am certain that there would have been much more patience.”

Microsoft’s combined malware and antitrust problems permeated the company’s culture throughout the early 2000s and continues to do so today, probably influencing the line it takes with regulators in Europe and the US. 

The ILOVEYOU virus prompted Microsoft co-founder Bill Gates to write his famous Trustworthy Computing (TwC) memo in 2002, which ushered in the Microsoft Security Development Lifecycle and the TwC Group, the team that oversaw Patch Tuesday and its trustworthy computing initiative, encompassing security, privacy, and secure development processes. 

Sinofsky’s book comes as government agencies and businesses around the world face a new and costly onslaught from ransomware attackers. 

During the coronavirus pandemic Microsoft has sent out multiple warnings to businesses that could be targeted by sophisticated attackers demanding hundreds of thousands of dollars from victims. 

The book also follows the NotPetya and WannaCry ransomware attacks of 2017, both of which cost several billion dollars in losses that organizations and western governments have blamed on government actors.  

Sinofsky notes in a preview of the book that Microsoft products at the dawn of 2000 “were increasingly viewed as buggy or unstable”. 

In other words, Microsoft and its customers were facing a similar situation in the early 2000s. However, today Microsoft has thrown more resources at cybersecurity defenses through Microsoft Defender and hardening Windows 10, even though there are still complaints about Windows product testing. 

But while Microsoft still dominates the desktop, people have moved on to world where PC sales are declining, the cloud is dominated by Amazon and mobile devices are ruled by Apple’s iOS and Google Android. And nowadays, Microsoft loves Linux while Gates freely admits he wished he’d created Android.  

As for the 2000s and Microsoft’s problems with security and monopoly, Sinofsky says: “Something needed to be done about that – it was the price of success. Closely related to ever-present bugs was the increasing prevalence of computer viruses.”

“While viruses were not new, the massive penetration of Microsoft’s new email solution (Exchange and Outlook), the internet, and global connectivity created fertile grounds for a new generation of viral attacks on computing,” he writes.

“This is a story of a global attack on the new Windows PC infrastructure that brought the world’s PCs to a halt, literally causing billions in damages overnight, and how the team came together in crisis to come up with a solution. 

“The details are unique to the era and computing at the time, but the lessons learned are universal in the time of crisis.”

stevensinofskyandreessenhorowitzyoutube.jpg

Former Windows chief Steven Sinofsky: “The rampant viruses on PCs were bad, but the lack of trust amplified the impact.”

Image: Andreessen Horowitz/YouTube


Source: Information Technologies - zdnet.com

Search provider Algolia discloses security incident due to Salt vulnerability

This phishing campaign targets executives with fake emails from their phone provider