Internet Security Trick or Treat, Making a "WISE" Choice

Share Article

MicrosoftÂ?s Windows PC Satisfaction Trial with its PC Safety Meter is intended to make it easier to secure desktop computers. Unfortunately, while it may be helpful, it may also create new problems. As everyone on the planet who uses a personal computer now knows, Windows and Internet Explorer are not secure. It has been reported that the tool being tested may become part of MicrosoftÂ?s defense against a class action lawsuit recently filed in Los Angeles.

While the concept is fine, its implementation may not be. The fundamental problem of Windows is that it's a big target (operating system monopoly or monoculture, see dictionary definitions or those in any introductory economics or ecology textbook) and that its convenience features have been given preference over security and privacy protection. Their trial approach may also suffer from the monopoly or monoculture problem if their tool provides new big targets by only offering one personal firewall, one anti-virus program, and so on. It has also been reported that Microsoft is working on a Windows update to allow two or more anti-virus programs to run at the same time which is not currently advisable.

So, what do we propose instead? A similar concept except that the Windows Internet Security E-tool (WISE) would check that a firewall from an approved list is installed, updated and operating; and do the same thing for anti-virus, anti-Trojan, and anti-spyware software as well as other security and privacy software and hardware. In addition, it would make it much easier to use the built in security and privacy features of Windows, Internet Explorer, Outlook Express, Office and other Microsoft products. Lastly, it would turn on all of these features by default (such as automatic downloading of "critical updates") and give clear explanations of the security risks versus the benefits of turning these security features off or down to a lower setting.

What are the ramifications of this idea? Assuming positive third-party reviews of WISE and a major marketing campaign to alert users to its availability, millions of existing computers would have better protection in a short time. New computers that come with Windows preinstalled would have WISE too. The monopoly or monoculture problem does not exist because end users can pick from many security and privacy products that are included in WISE. From a business perspective, WISE may work better for Microsoft and many security and privacy software companies. If an end user picks and purchases a security product from the WISE approved list using a link provided by WISE, Microsoft could get a commission just like any other online affiliate sales program and the security vendors would not have to compete with potential Microsoft security products.

However, there are downside affects too. All of the other online sales affiliates of companies that make security and privacy products (like the shop on our site) as well as retail stores (like Amazon) may lose sales. Products that are not on the WISE approved list may be less competitive that ones that are on it. Plus, who decides which products go on the list? A partial solution to the first problem is to only sell products via a WISE referral at list price. That would allow other affiliates to sell the same products at a discount. In addition, the cookie (or other means of documenting the WISE link for payment by vendors to Microsoft) should expire quickly (end of an online session or one day). These measures may partially balance the playing field. The WISE list should include certified freeware, shareware and trial software too.

For the second issue, Microsoft should not make decisions about who is on the list itself. It should lay out objective criteria that vendors have to meet to be on the list and inclusion should be based on testing and verification by independent third-party organizations (like those for anti-virus software) that are acceptable to Microsoft. Any product that satisfies the criteria and is verified would go on the list. Vendors may have to pay for testing themselves as many anti-virus companies already do. Microsoft can propose criteria and should request widespread review and critique of them. The same goes for selection of testing and verification organizations. This would take Microsoft off the hook. It improves Internet security for end users, it is fair, Microsoft looks good, and companies still make money.

A final thought, perhaps Microsoft intends to do something similar to what I am suggesting. That would be a treat. We have no way of knowing at this time.

Henry S. Markus is the owner/editor of Firewallguide.com, an Internet security and privacy resource site, and the publisher of a weekly newsletter - Internet Security News for End Users. His website has had over two million visitors since it went online in May 2000.

###

Share article on socal media or email:

View article via:

Pdf Print

Contact Author

Visit website