Microsoft Outpaces Apple in Customer Satisfaction

Yep, that’s right.  Just couldn’t pass up the chance to blog about this.  If you’re interested, I’m sure you’ll read the entire article, so I’ll do some summarizing here but not do any wholesale cut-paste.  My main reason for doing this post isn’t so much to brag about the obvious inference of the title (you believe that, don’t you?), or to add to the already great buzz around Windows 7 (hereafter referred to as Win7), but rather to point you to some (more) 3rd-party evidence that you can also show to your customers to help them overcome some of their Vista stigma or, in many cases, help them be more confident in rolling out what they likely perceive as “new technology” (but we both know that Win7 is leveraging all the reliability and security of the Vista platform while hopefully overcoming some of the negatives).

As you’ll see, this article is from Bloomberg.com and it centers around a “Chart of the Day” which in this case is a chart showing the results of satisfaction surveys done by a London-based research firm YouGov for both Microsoft and Apple around satisfaction with their most recent OS upgrades (Windows 7 and Snow Leopard [SL] respectively).  The chart is essentially an overlay of the two surveys which purports to show, by percentage of positive “grades”, the relative customer satisfaction levels with the 2 products.  The basis of the article headline is that, since shortly after it’s release in Nov, Win7 has achieved higher percentages of positive grades than it’s rival (indeed, at the end of CY2009, according to the chart, Win7 was trending up and was at almost 75% satisfaction while SL remained consistently below 70%).

Some of the things that I noticed (from the chart) that I thought I’d point out are:
- after it’s release, SL briefly spiked up to just over 70% but then plunged to well below 60% (Win7 has never gone below 60%), then did another peak (to only around 65%) before diving again back under 60% until gaining back to launch time levels of mid-to-upper 60%.
- Win7 launched at about the same mid-60% range as SL but has not had any plunges like SL, it did dip a couple of percentage points but not even as much as the second plunge of SL which was smaller than its first. 
- I’ll be honest, I’m not doing research into why the dips happen (to find the “rest of the story” like I usually do), I just find it interesting that SL has only had better percentages for a few brief spikes all along the 7-month continuum, even when Win7 was still in pre-release.

Of course, you can draw your own conclusions from the chart, and I’m not going to try and push this as some be-all-end-all proof of anything, but what I do want to point out is that I think, with all the halo-effect and general positive perception that Apple seems to enjoy, and with the lack of halo-effect and some of the (unfounded) negative perception, which you know I’ve commented on in this blog over time, that most folks (meaning your customers) would be very surprised to find out that Win7 enjoys a level of satisfaction that’s, in fact, comparable to (yea, even perhaps beats) Mac’s latest OS.  Man, I wish we could come up a commercial around this.

You know I dislike anecdotal evidence being put forth as some sort of “leading indicator”, but in this case the quote was from an analyst for Directions on Microsoft and those folks are the real deal, so when they say something I generally find it much more credible that than average supposed expert comment that I typically see.  And, his quote that “People who were thinking about buying a new PC are more likely to do so now. You’ll see slightly better sales.” is supported by what I see and hear all over the press.  So, again, back to my back premise here – hopefully you can use articles like this one to show your customers that now is the time get off that legacy stuff and get onto the current generation OS technology, and hopefully they will feel comfortable with Win7 knowing that it actually does enjoy a high satisfaction level amongst those who have actually used it.  That’s what I’m talking here.  You know as well as I do that when many of them take the step up they’ll be glad they did (on several levels) and hopefully you’ll reap the benefits as their Microsoft partner and trusted advisor.

Interestingly, Apple declined to comment, go figure. 

For those of you who are Microsoft technology certified already, or for those who are thinking about the value of adding technology certifications to your portfolio of industry acumen, there WILL be exams (to use a variation on the movie title phrase that’s really popular these days).  [Those already certified may well be refreshing or updating those certs for the Windows 7/Server 2008 wave of technology.]  For those that have done these kinds of exams, you know that sometimes they can be tricky.  Perhaps some of you even joined myself and Beatrice for some of our “Certification Prep Series” webcasts we did a couple of years back.  And, you may also remember the “Second Shot” testing promotion that has been very well received.  Well, I have really good news – the Second Shot program is back!

Microsoft Learning (MSL) is bringing back Second Shot as part of its new Career Initiative, which is designed to help you (partner) and perhaps in some cases even some customers/clients to get trained and certified on Microsoft technologies.

Those of you already certified certainly understand the value of having a Microsoft certification, whether it be for meeting the requirements of the higher levels of the Microsoft Partner Program (now Microsoft Partner Network) or just differentiating yourself from the crowd for other job or business purposes. 

Well, since these exams are not free, a “bad day” in the test room has some potential financial impact.  For instance, I know some of you have employers who will reimburse for these exams, but even if you get reimbursed, they don’t necessarily reimburse for failed exams.  But with Second Shot you can now register for a free retake (should you need it), and then take the first exam with less anxiety and fear of not passing. Second Shot is not available to everyone for any exam, but most of my partners who read this blog should qualify.

A couple of key things to note:

Second Shot is available worldwide (except India and China) and only at Prometric Testing Centers.

Here’s the link to get more info on the Second Shot offer:
Special Offers on Training and Certifications from Microsoft

And while I’m on the subject of certification, here’s a link to a new MSL site that lists job roles, learning paths and other resources for getting certified in the Microsoft technology area of your choice: Microsoft Professional Career Portal.

On a side note, one of the things I’ll be doing now that I’m back in TS2 is being the “Champ” if you will for Microsoft Learning and our Learning Solution (CPLS) competency and our CPLS partners. So expect to see more posts from me around certifications in the future.

One of the key “benefits” of the TS2 style public events that our team did (and many of you likely attended), and something we always got good feedback on, was that those events were opportunities for our mainstream partners, especially our core Registered Partner base, to meet and mix, aka network, with other partners who were also invested in the Microsoft technologies and partner “ecosystem”.  Well, since we’ve stopped doing those events, some of our partners have had to look for other vehicles to leverage for networking.  And, if you’re not familiar with them, I’d like to take this opportunity to introduce and put a “shout out” to the IAMCP (International Association of Microsoft Certified Partners) organization – they’re a great org for any Microsoft partner to invest in, especially if you’re interested in the personal/business networking aspect.  But this post really isn’t about IAMCP, it’s about another brand new opportunity for you to join the Microsoft Partner Network (MPN) Community.

The MPN Community is a place, hosted right on the Partner Portal, where you can connect and collaborate with other partners and with Microsoft as well.  In fact, the MPN Community was designed specifically to facilitate real-time networking opportunities between people, like yourselves, who are selling or building Microsoft solutions and Microsoft. This is way better than the TS2 events because now you’re not just networking with a small group of local partners, but engaged with a much larger sphere of influence and opportunity. 

So, by way of introducing you to the new MPN Community, let me suggest some ways for you to engage with your peers and Microsoft globally or directly within your region. Among other things, you can:

1. See what’s happening in your local community and region, as well as attend partner events and engage in social media with people in your community.

2. Get involved in Microsoft communities focused on student talent for hire, public policy affecting the technology industry, technology training and education and much more.

3. Join the conversation with Microsoft and other partners through online social media like Twitter, Facebook and Microsoft and partner blogs.

4. Keep up to date with the latest partner relevant news, webcasts, and videos, and find product specific information and training within the broader Microsoft partner network.

And, finally, I’d like to direct you to a few partner network community resources that may be of interest to you and help you start the conversation with other partners and Microsoft.

· Join the community Twitter feed and the partner network Facebook page (and the home page even has a link to a FAQ to learn more about “social media” in case you’re a slacker like me who hasn’t really gotten immersed in all that stuff as yet.)

· Watch short video series on SMB, Windows 7, and Azure.

· Take a sneak peek at what is being planned for the 2010 Worldwide Partner Conference

Hopefully, I got you at least curious enough to check it out now, and even more so, I hope you’ll find it to be a useful tool to engage with other Microsoft partners, as well as Microsoft, to help you get even more out of your investment in being a part of our partner.

Well, if you’ve read the last couple of posts you are aware that I’ve cast some aspersions on many folks who comment on blog posts and articles.  It seems to me a huge majority of them are seriously un-, under-, or mis-informed about the topics and issues they nonetheless take the liberty to comment on.  Of course, everyone has an opinion about Microsoft (MS), and as an MS employee for the last 12+ years, I would say that one could consider it “logical” to conclude that I would know more about MS than the vast majority of the folks who offer their opinions on our products and business practices in online venues.  In fact, I’m betting that my tenure at MS, and the presumed credibility it entails, is perhaps a primary reason why you bother to read this blog.  Of course, I’m constantly piqued, or some would say “tweaked”, by the wildly inaccurate stuff I see posted, especially in comments.  You likely remember in my last post (same song, second verse…), that I called out one particular comment (on XP being more secure than Vista) that was an amazing example of the type of un- or misinformed commentary that seems all too prevalent today – especially around the topic of Microsoft.  And you might also recall, I called out his poor logic but chose not to address it in that post.  As another interesting coincidence, I ran across this post from Robert Strohmeyer, of PC World, around the sad state of “logic” as it is used (or rather, more commonly, abused) in the internet “echo chamber”.  As we close out 2009 and look forward to the new decade of 201x’s, I thought I would take this opportunity to do a post on a “generic” topic – I hope you find this interesting, if not informative.  I also hope that you’ve not found these logic fallacies to be characteristic of my posts and opinions.  I try to be objective (as I can be <grin>) and factual, and when I call out other opinions and posts that I disagree with I typically try to put out a well-supported and credible rationale as a counterpoint, not just flame the writer (for being so ignorant <smile>…just joking) as so many others do. 

So here’s the link to the post:  The Web's Most Illogical Arguments.  The title is self-explanatory, although he only points out 10 of the many logical fallacies that occur.  To that end, I’ve included some links below for you to get more comprehensive info around logic fallacies, if you choose.  I like his opening:

“The Internet is teeming with crazies, jerks, and blowhards; and in online forums, debaters are full of passionate intensity. Peruse the comments area on any popular blog, and you'll find more irrational rhetoric than you can shake an encyclopedia at.  What separates rational thought from bogus blather is logic. Unfortunately, sound logical thinking is a learned skill that's rarer than we might hope, and it's not the same as so-called common sense.”

[Assuming you just read the post'] Did you see any (or a lot of) logic fallacies that you recognize from recent readings?  I’d be really surprised if you didn’t.

In his paragraph on “What’s a Fallacy”, as he explains what fallacy is, he makes the following observation that I think is reasonably astute: “Using or falling for fallacious reasoning is by no means a sign of stupidity.[emphasis mine] Lots of smart people inadvertently use or get taken in by irrational arguments from time to time--through lack of attention, lack of understanding about how logic works, or the simple fact that human psychology is riddled with weird idiosyncrasies that make us susceptible to misunderstanding.”  Again, using TJ (from yesterday’s post) as an example, his erroneous conclusion isn’t based so much on the fact that he doesn’t know anything (stupidity) so much as he doesn’t know enough about the subject he’s commenting on which leads him into logic errors – which is what I find to be the most common problem out there.  Folks know a lot about one thing, and think they know a lot about other stuff as well, but I find, at least in the majority of external commentary on Microsoft, that this presumed knowledge is seldom founded on actual facts but rather perceptions (usually erroneous), or purely anecdotal evidence, or outdated information (based on unfortunate generalizations of past events).  And sadly, many, if not most, are content to spew their opinions based on this lack of, or faulty, information.  Case in point – TJ makes bases his conclusion that XP is more secure than Vista on the following premise: “outside security analyst have been scouring Windows XP for almost a decade, while Windows 7 has a lot of new code [which is not being scoured]”.  Well, one of the rules of logic is that if you start with a false premise you will end up with a false conclusion.  TJ makes two errors right out of the box: one is the (false) assumption that security analysts scouring a codebase for some extended length of time is somehow an objective measure of fundamental security of that codebase; and two, the also false assumption that the Vista codebase (although newer) was not scrutinized to the any great extent.  On this second point, he is woefully uninformed about the SDL as well as apparently any or all of the data out there that shows how much more secure Vista is than XP – I sure hope he read CW’s response.  On a related note, I saw another comment on another blog that basically tried to make the case the Firefox was more secure and stable the IE because that person hadn’t had a Firefox error in months (a hasty generalization or proof by example fallacy at best or possibly a confirmation bias – you make the call, or identify a fallacy that’s even more relevant).  Again, with that kind of anecdotal evidence and logic, I could have made the case that since I hadn’t a problem with IE in a year, that would logically make IE 2-3x more robust and secure than FF.  Of course we would both be wrong.  I just wish more folks would be more responsible in their commentary.

But the real point of this is “be careful out there”.  I would suggest not just a “grain of salt” but rather a healthy dose of skepticism when reading online content and comments.  Know your logic fallacies and remember, even what appears to be decent logic is completely negated when the premise, or basis, is false. 

And, btw, if I’ve piqued your interest with this post, here’s some more links to info on logic fallacies.

Logical Fallacies, List of fallacies (wikipedia), Critical Thinking mini-lesson 5 (Skeptic.com), Logical Fallacies (LEO: Literary Education Online), these are the ones I would recommend.  But it you’re in for a logic challenge, try this one (Bad Arguments) where you can test your logic skills (don’t want to brag, but I got all of the practice ones correct <grin>), hopefully you will too.   Cheers.  Hope you have a great 2010.

Wow, just when I thought I had hit the security theme pretty well and could kick back for the rest of the holidays, I see this on the PC Magazine Security Watch blogs.

Does Microsoft Look For Vulnerabilities in Their Own Products?

Well, if you even entertained the initial thought that the answer could be no, I sentence you to go back and read every security-related blog post I’ve written <grin>.  This post came about because of a Twitter whine by researcher Alex Sotirov who complained that vendors weren't paying those (presumably like himself) who found the bugs in their products, and that this was somehow unjust.  I actually recommend you read this post by Larry Seltzer, although at the end he seems to reach the conclusion that he agrees with Sotirov.  I disagree with his conclusion on several bases but let me cover the post in general, and then address what I feel are the flaws in his conclusion later.

Right up front Seltzer points out that “Most of the bug-finding for major products comes from researchers paid by someone for their work.”  For sure, most vendors like Microsoft, leverage the findings of external researchers in this regard, but I would like to see some proof of the assertion that “most” of the bug-finding is done by these folks, but this is just another example of how easy it is make an unsubstantiated declarative comment that many folks accept at face value but with no real vetting or substantiation to back it up.  I can’t say that I still know this for a fact (full disclosure on my part), but back when I was a security-focused Technology Specialist for Microsoft, in the early days of SDL (and the associated SWI, Secure Windows Initiative), I know that we not only did our own internal code sweeps (reviews), but also contracted with several external agencies to supplement that effort.  Seltzer subsequently notes that some folks were “credited” for their bug-finds, but then notes that other vulnerabilities were not credited, acknowledging that some were “privately reported”.  So this brought Seltzer to pose the title question to a “famous researcher”, Dino Dai Zovi, who basically said (or rather implied) no, citing that Apple was “the only vendor he knew of that patches internally found vulnerabilities” – I guess I’ll take his word for it that Dino is famous and credible and knows all the vendors methodologies well enough to make his statement.  Of course, for Seltzer “this rang true” since he looked and found out that Microsoft had not credited any internal research sources in vulnerability disclosures in 2009 (which btw begs the question of whether or not crediting internal research is, or should be, the standard to go by, which I’ll be getting to in a moment).   So he asked Microsoft about it directly – nice work Larry (finally a little journalism by someone).   As you should know, Microsoft confirmed that YES, of course they look for and find vulnerabilities internally (after all that’s the whole point of SDL which is mentioned in Larry’s quote from an unnamed Microsoft person).  But curiously, although he acknowledges the fact that MS does internal vulnerability research, he finishes the sentence with “but not so much”, which I can only infer he says because Microsoft doesn’t report (or credit) it in the same way as other vendors (e.g. Apple) who, if you read my last post, may not be the vendor(s) I would be looking at as an example in this area.  One key piece of the vulnerability equation that seems to be ignored here is a discussion on whether or not all vulnerabilities need to be proactively patched, and then whether acknowledging internal vulnerability research is a “best practice” which seems to be at the heart of his “but not so much” comment as well as his ultimate conclusion.  As you should know, a vulnerability, in and of itself, is not really a problem -- it only becomes a problem when someone develops an “exploit” against it presumably with malicious intent.  So I would ask, if I know that my program has a certain vulnerability but you do not, is it really a best practice for me to proactively patch that vulnerability and thereby make a de facto announcement of it (when I release the patch) that could be used to develop an exploit against unpatched systems?  Well, apparently Larry and Alex and Apple think so, and if you have the small market share, and thus largely untargeted platform (the security by obscurity situation that I’ve blogged about before), that Apple has, you can do this; but to foist that paradigm on everyone is not my idea of a best practice.  Now Larry notes in his next to final paragraph that MS08-037 leveraged Microsoft’s “own work in finding the [bug]…”, but then states in his bottom line that “[they] don’t do proactive vulnerability research on their own shipping products”.  Which conclusion, btw, he arrives at by mentioning that “Microsoft spends a lot of time and money and effort on the security of their products, but they're almost entirely forward-looking about it.", which he then characterizes in a negative light as “neglect” of current products.  I don’t know about you, but this is pretty convoluted in my opinion to say the we “do” a lot of something, but then spin that as neglect because apparently we may not buy into the (proactive) patching paradigm he assumes as a standard.  I would also suggest that his conclusion which infers that we need to be paying outside folks more to find and report stuff that, btw, wouldn’t be a problem if they didn’t find it (with the intent of publishing it) is also suspect in my opinion, but you can make the call on that – at least you’ll have a counterpoint to consider now.

In my final thoughts, I would urge you to read the quote in the article from the (unidentified) Microsoft person.  The main reason, I would suggest, that most external vulnerability finds are “credited” is because those folks desire the recognition as it adds to their resume (or street cred).  Also, most of them intend to “publish” the vulnerability which means that Microsoft must proactively patch it.  On the other hand, internally found vulnerabilities are generally not going to be published (and become the basis for future exploits) and thus there’s no reason to spend cycles proactively patching them, at least that’s how I believe we look at it.  And, as the anonymous quote points out, these are all part of the ongoing SDL process.  Also, I’ll bet that most internal Microsoft security researchers are not “in it’ for the external recognition, so to spin that anonymity as evidence that supposedly only “other people are finding bugs in their products” and need to be paid more, well, I’m afraid I have a problem with that conclusion per above.  As Larry says at the end “something’s not right with this”, but I would say that what’s not right is less about how Microsoft approaches vulnerability research and reporting but more about how Larry reports on it.  As always, “you make the call”, but I hope this serves to point out how careful (and critical) you need to be when reading anything online these days (even me <grin again>).

Oh, btw, remember what I said in the past post about the usual uninformed comments – here’s the very first comment on Larry’s post: “Another reason why Windows XP is actually more secure than Windows 7 - outside security analyst have been scouring Windows XP for almost a decade, while Windows 7 has a lot of new code for-which Microsoft basically admits in this article that it's not researching. Now that's security you can trust...NOT![commented by TJ]”  Wow, this would be funny if it wasn’t just so wrong on several levels.  Unfortunately there’s probably more than one “TJ” out there who actually believes that XP is more secure than Win7, (and I won’t even comment on his flawed logic).  I couldn’t have come up with a better example of uninformed commentary if I had tried.  Moreover, I’m not sure which article he read to make the statement “Microsoft basically admits in this article that it's not researching…” but the incongruity doesn’t seem to phase TJ.  On the other hand, do read the follow-on comment by CW (in response to TJ) – among other things he points out this article which I would rate as a must read, Behind the Scenes at Microsoft`s Secure Windows Initiative, especially if you still have any doubts or interest as to how we deal with reported vulnerabilities.   OK, so now hopefully on with my holiday – see you next year.

Most of you already know that in this age of the Secure Computing Initiative (aka Secure Development Lifecycle) at Microsoft that we actually have made tremendous strides in providing not only more secure software but more robust software as well.  Of course, whenever you make a platform change, as we did with Vista, you’re going to run into driver and application platform issues that give the OS the appearance of “bugginess”, but most of you are technical enough to appreciate that driver issues are not a sign of inherent OS problems but rather an indicator of OEM/ISV development weaknesses on one level or another (funny, you seldom hear about driver issues with OSS, but they’re not immune).  In fact, as I’ve toured the country doing live presentations to partners audiences for TS2 over the last 3 years (since Vista), I’ve routinely found that the vast majority of partners were happy with Vista – of course, some had customers with legacy hardware or software issues, but outside of those issues, there was was overwhelming support for Vista from a partner perspective.  The trade press, however, fostered a negative perception about Vista that’s all too well known at this point, usually relying on anecdotal and unsupported evidence, which of course has been the subject of many blogs on my part over the last few years.  But what’s really interesting to me is how little the trade press seems to focus on other software vendors who continue to put out vulnerable software that’s developed using the same old dev paradigms that they’ve used since the previous millenium -- no SDL for them, and the results are not at all surprising, other than, as I said, the lack of attention around this they seem to enjoy (especially our fruit-branded friends).  If you’ve read my posts for some time now you’ll know that the headline “Vista hacked” from a past PWN2OWN contest was actually the result of an Adobe software exploit.  And you also know that the Apple platform, and browser, only gives the appearance of security (by obscurity, or lack of value due to small market share), and is always the easiest to hack and first to fall in these hacking contests.  Yet, have you ever heard the trade press take Apple or Adobe (as major examples) to task for not doing something like Microsoft’s SDL to improve their dev practices?  So it’s interesting to me, and worthy of a post, when I come across an article like this one that at least highlights the situation.  I recommend this article on ZDNet,   10 Most Vulnerable Software Apps of 2009 [ZDNet].  Interestingly, this is one of the few times I actually found some of the comments worth a read as well.  (Usually the comments are a complete waste of time IMHO, since the vast majority of them seem to be done by uninformed, but highly opinionated, “fanboys” of one ilk or another – and this one has those, but it also includes some that are actually worthwhile.)  One comment (#30 “Where have you been lately?”), does a good summary of the promise of the SDL without naming it specifically.  Of course, the response to him (#31) was the typical uninformed fanboy type.  The main reason I’m recommending this is to highlight that the vendors I called out above are still leading the pack in producing software that’s not as robust as it could be – no, it’s not to point out that there’s no Microsoft app in the list <smile>, but I’m guessing you’ll notice that anyway.  Of course, no software will likely ever be bug-free, so my point here isn’t to cast aspersions on them because of a few vulnerabilities, but rather to point out that where Microsoft has changed their dev paradigm and is actually on an obvious course to more robust software out-of-the-box, the other vendors, for whatever their reasons, are not seeming to feel the need to modernize their dev efforts, thus, my point is, that I’ve made many times before, is that you should be talking to your customers about the strategic implications of this in helping them plan their IT strategies and deployments.  Actually I did some research on this article and discovered something called the X-Force Threat Reports that I wanted to point out in case you weren’t aware either.  One of the commenters referenced the X-Force 2008 Annual Trend and Risk report, which is a little dated now, but I may check back for their 2009 version in the near future.  And, in that vein, don’t forget that Microsoft publishes their Microsoft Security Intelligence Report semi-annually (the last one was published in Nov for the Jan-Jun 2009 time frame) – I highly recommend you download and read the Findings Summary (if you don’t want to wade thru the entire report).  For instance, it really shows how much less vulnerable Vista is than XP (this period was prior to Win7 launch), and that Trojans are now the primary threat in the US.  And you should also check out the Exploit Trends - Browser-Based Exploits section (pages 9-11) for a very interesting look at how moving to Vista significantly reduces browser vulnerability – check out this excerpt: “Microsoft software accounted for 6 of the top 10 browser-based vulnerabilities attacked on computers running Windows XP in 1H09, compared to only 1 on computers running Windows Vista. The vulnerabilities are referenced below by the relevant CVSS bulletin number or by Microsoft Security Bulletin number as appropriate.”  Armed with that knowledge, I’m hoping you can make a strong case for the security benefits of Vista/Win7 over XP in those customer IT conversations I referenced above.

Bottom line, which comes as no surprise to my readers, is that, thanks to SDL, the Microsoft platform (and software) while certainly not perfect is nonetheless on a trend toward safer and more robust computing than any of the other platform or major software vendor and this is a message I hope you’re already sharing with your customers.  As this becomes more well-known and obvious, I’m hoping that many of you will be able to help your customers overcome some of the legacy attitudes (don’t do “dot zero” or “always wait for SP1”) that are keeping them from adopting “modern” technology that will in fact work better and will produce ROI for their IT investment.  Not to mention, help you help them with more advanced remote and management capabilities and just plain more robust software.

As you know, I “hate when they do this”.  Here’s another example of a headline designed to foster a negative perception – this time around Windows 7 interestingly enough (which has generally gotten great press for the most part).  At any rate the title of the post is “Out of the box, Win 7 less secure than Vista” (posted by Adrian Kingsley-Hughes, Dec 10th, on ZDNet blogs).  I’m not even going to link to it, because it’s not really even worth a read.  Essentially, AK-H makes this post on the strength of one quote from Trend Micro CEO Raimund Genes who has the following observation: “I’m not saying Windows 7 is insecure, but out of the box Vista is better…Windows 7 may be an improvement in terms of usability but in terms of security it’s a mistake, though one that isn’t that surprising. When Microsoft’s developers choose between usability and security, they will always choose usability.”

I guess what gets me the most is the final sentence of Genes’ comment above about MSFT “always” choosing usability over security.  Really??  Would you agree that Vista UAC was a “choice” for usability (over security)?  Wow, for the last 8+ years (the Secure Computing Initiative era) MSFT actually has been routinely choosing security over usability (here’s another example: when was the last time you had to confirm the download pictures or had to deal with other content that was blocked by default?).  Yet, AK-H basically throws Genes’ blanket statement out there for everyone to accept on its face value, which gives the statement an aura of credibility – and the fact that he makes this blanket statement in the aftermath of the overwhelming negative usability reaction to UAC in Vista, as I pointed out above, is almost ludicrous, or it would be if folks like AK-H didn’t give it the appearance of credibility by not only publishing it, but, in fact, basing a whole post on it, with the specious title I’ve already called out above.

Bottom line, UAC is still at work in Win7, it’s just the level of notification that’s been changed, so I would maintain that, notwithstanding any of the other improvements made to security in Windows 7, on the basis of just this, it’s not fair to cast the perception that Windows 7 “in terms of security, [is] a mistake”.  His underlying premise that more notification (which is what upping the UAC settings does) = better security is subjective at best and potentially erroneous.  But as is my normal point with these “you make the call” posts, the lack of factual basis, and the reliance on purely anecdotal evidence (in this case a single quote) that’s not adequately vetted, or substantiated is a real disservice to the general readership.  Yet it continues to happen, and when enough of it is out there in the “echo chamber” (as Ed Bott likes to call it), it leads to or adds to many of the negative perceptions that you have to overcome or that keep your customers from making the best technology choices based on objective factors.  OK, so that’s my post.

Windows 7 less secure than Vista?  You make the call.  But, as they say in the current vernacular, I don’t think so.

By now I’m betting most of my readers have heard of the “black screen of death”, but did you know that there really is/was no such thing?  And yet, now, it’s likely indelibly etched in your mind thanks to some specious activity by a small and somewhat obscure security company compounded by the sensationalist, and in my opinion irresponsible (meaning no facts), journalistic tendencies of so many of our blogosphere participants, including, sadly, many who should know and do better.  So here we have an extraordinary case of more negative perception, not only undue, but in this case founded on error and untruth.  I think Ed sums it up nicely: “It’s a near-perfect case study in how Internet-driven tech journalism rewards sloppy reporting and how the echo chamber devalues getting the story right.”

So why did I say there was no such thing when you’re probably saying, of course there is, I’ve been hearing about it for over a week now; well stay with me, I’ll explain why I say that in the next paragraph.   As most of you should know, I’ve been doing counterpoint posts for some time now on articles and press (including blogs) that continually paint Microsoft in an unfair (IMHO) light, especially around security, and many times with no facts to provide even the most basic support for the quotes and assertions that are reported, and unfortunately, taken by many as factual purely because they show up under a presumably credible tagline or authorship.  Well, this current one, the supposed black screen of death really takes the cake and so I couldn’t let it go unchallenged.  Probably, the most definitive response that I’ve seen comes from Ed Bott, who you should also know I think is one of the best and most objective bloggers out there – I’ve referenced him many times in the past, and I suspect many of you probably have already seen his post on this.  If not, PLEASE, see his post, What the "Black screen of death" story says about tech journalism, for an excellent, and factual, account of how this story came about.  But my post isn’t just about piggy-backing (or piling) on Ed’s comments, I wanted to point out something that I want you consider beyond just the unfactual(?) coverage of this issue that Ed highlighted so well. 

Again, I’ll assume you’ve read Ed’s blog post, so I won’t be going into the same details he did.  But I did want to point out something that is central to the aspect of this that I find so unfortunate, if not downright dangerous from the perspective of readers who tend to put some level of trust in what they read in print.  Notice, as Ed points out, that the original headline was “Black Screen woes could affect millions…”, now notice that when the IDG news service  picks up on it and publishes their headline it becomes “Latest Microsoft patches cause black screen of death”.  Did you notice that the original headline only characterized the issue as a “black screen”, and in fact, that’s precisely what it turned out to be, just a black screen.  But now the IDG  person decides that it can characterize the black screen issue with the additional verbiage “… of death” which we all know connotes a system crash (hard stop).  And, of course, from there most everyone just went with this and the rest, as they say, is history.  Of course, it was not a registry corruption, as was originally proposed, and it turned out not be a system crash in any form, so there you have my tale of why I maintain there never was a true “black screen of death”, yet I’ll wager that you’ve never heard of this issue referred to as anything but the “KSoD” (k standing for black to differentiate from B for blue in BSoD).  And that, my friends is how perception can work – as Ed points out:  within a couple of days “More than 500 separate posts on mainstream tech sites and in blogs have amplified the original story, most of them simply repeating the accusations from the Prevx blog post with no original reporting or fact-checking. The story has now taken on a life of its own.”

I guess the good news is that this one got exposed big-time, and may well have reflected more poorly on its progenitors than on Microsoft but still I hope this can be used as example to why your customers should be wary of the stuff they might see online. 

…

WOW, as usual I wait a day (after I write a post) before I actually post anything that’s not time-sensitive, and in this case, it turned out to be fortuitous, or perhaps uncanny.  I just saw this follow-up from Ed Bott around the topic above, The 'black screen of death': fact, fiction, or FUD?  As you might expect, I highly recommend this post as an additional read.  Here’s his very first line: “Here’s what you need to know about the so-called Black Screen of Death: There’s no such thing.”  His thrust is more on the technical side of what constitutes a “BSoD”, whereas my point was more around the issue of how negative perception, but I was still pretty floored when I saw his opening.  One interesting tidbit that came out of his post is that “black screen of death” was likely coined almost 20 years ago and that the “The black screen of death has been present in all versions of OS/2” (from Wikipedia), and even Apple appears to have “black screen” issues as Ed points out.  But I’ll bet if you ask anyone today, they’ll most likely say it’s a uniquely Microsoft issue, and that’s my point about the unfortunate, and undeserved, perceptions that you and I deal with as we try to help folks understand the quality and value of Microsoft’s post-SDL technology.

Well, I just ran across this and couldn’t resist a post on it.   There’s plenty of good press around Windows 7, so this isn’t about highlighting some good press, but this article did take the Win7 goodness to the next level IMHO, and there were a couple of interesting notes that I wanted to highlight that are further evidence of some of the things I’ve blogged about in the past.  First, read this article by Sam Burke from ChannelWeb if you haven’t already…

Apple Will Feel the Pain From Windows 7 Launch

So here’s the first item of note (excerpt from article):

“BusinessWeek says that Apple will likely make the case that PCs are more susceptible to viruses. A flat-out false claim. There are a bunch of Mac myths. And better security than Windows is the biggest one. Security experts say that if Mac users are less susceptible to attack, it's simply due to the fact that there are fewer viruses written for Macs than for Windows.”

WOW, does that sound familiar, couldn’t have said it better myself (“flat-out false claim) – if you’ve followed my blog at all over the past years & months you know that this has been a recurring theme of mine, dispelling the myth of Apple presumed invulnerability, the “security by obscurity” syndrome aided by the fact that their entire platform is very proprietary and thus they have much more control (but less choice) over their apps and peripherals (drivers).  But you already know that.

So here’s the real reason I was compelled to make this post.   As you may have just noticed, there is a link in the excerpt above called Mac myths.   If you didn’t click on it before, I really encourage to do so, or use the (same) link below.

Mac myths

This is without a doubt one of the best overall articles on the myths of the security of the MAC platform that I have run across, I really hope you take the time to read it (it’s not long).  But, if you just want the Cliff Notes version (for those of us old enough to know what Cliff’s Notes and/or Readers’ Digest versions are) here’s some of the highlights (not doing all of them and only using excerpts from the ones I am using):

• Myth 1: Macs Are Safer Than PCs – …Security experts say that if Mac users are less susceptible to attack, it's simply due to the fact that there are fewer viruses written for Macs than for Windows. (notice “security experts say”)
• Myth 2: Macs Have Fewer Vulnerabilities Than Windows
  Not true. In fact, studies have shown that Macs actually have MORE vulnerabilities than their Windows counterparts, experts say. (notice again, the “experts say”, this is not just the writer’s opinion, and emphasis was his, not mine)
• Myth 3: Mac OS X Users Don't Need A Separate Antivirus Solution
  Not so. Not even Apple says that anymore, even if it has downplayed the fact that users also should equip themselves with third-party antivirus software.
• Myth 6: Apple Is Just Like Microsoft And Has An Army Of Security Henchmen
  Er, no. In fact, the company's historic lack of emphasis on security issues has left Apple vastly underprepared to deal with the barrage of anticipated Mac malware coming down the pike. Experts contend that Apple lacks the necessary manpower to create and test patches on a monthly basis…  (and this is another of the key points I’ve made in other articles – since the advent of our Secure Computing Initiative and the Secure Development Lifecycle early in this decade, MS has made security a top priority and now has a world-class security infrastructure and product updating/protection mechanism to make our products more secure against the malware of today’s environment. On the other hand, Apple hasn’t evolved their security to any great extent and, in fact, has consistently shown that they can’t even get patches out in a timely and efficient manner as witnessed by this excerpt from the #7 myth which I’ve not included here: “Meanwhile, Apple scrambled to repair a six-month-old critical Java vulnerability this spring after -- but only after -- researcher Landon Fuller published a proof of concept exploit exposing the flaw six months after it was first detected.”)
• and finally -- Myth 9: There Is Only A Handful Of Mac Malware, And It's Pretty Benign
  …Earlier this year, Mac users were pummeled with two variants of a Mac-only iServices Trojan…[which] later developed into a full-fledged global botnet that infected more than 40,000 Macs. And experts say that Mac users can expect to see more drive-by and browser attacks. (enough said)

Again, the above was just a selection of some of the Mac myths, and none of it should come as a surprise to anyone who has followed this blog.  And, as usual, my only real impetus to add it here is give you additional 3rd-party commentary for the things I have already brought to light (and that you already know), so that you will have more objective evidence to use if you should need to have the Mac conversation with a customer or someone you know.

Now back to the original article.  I wanted to highlight one more cogent point that was made in the original article – again, it’s based on another pull quote from BusinessWeek…

“BusinessWeek also claims Apple will make fun of Microsoft for making Windows XP owners go through what is by all accounts a cumbersome process to upgrade from Windows XP to Windows 7. Talk about a canard. That duck just don't fly…Windows 7 is a cause celebre to look at buying a new system. It is not a reason to look at upgrading a well-running Windows XP system. You wouldn't upgrade a well-running Mac system either. Get a life.”

Canard – wow, I’m impressed haven’t heard that word in a while, in fact, as a former pilot, I’m more familiar with the term canard used in the aeronautic sense, but here it means “a false or baseless, usually derogatory story, report, or rumor”, so I’ve saved most of you the trip to dictionary.com.  I love it when writers talk like that and I’m going to have to remember that word, since it describes a LOT of the stuff I saw written about Vista (as you know from my “you make the call series of posts).  but I digress…

Now I’m not 100% in agreement with the don’t bother upgrading from XP premise, BUT for those who have chosen to stay on XP all this time and are effectively skipping a generation of the OS, I would make the case that they should expect that that upgrade process would not be as easy and smooth as moving up from Vista.  The fact that there will be a migration path, with some pretty solid tools, is a plus IMHO.  And, for sure, with the cost of PCs/laptops at current levels, if you’re still running a computer that was originally manufactured in the XP timeframe, this would be a very opportune time to consider a hardware refresh (which should make a partner happy, on several levels).

So, as always, I hope this has been a worthwhile read for you.  Although I won’t be updating the blog as frequently as I did back in my TS2 days, as you see I will continue to post when I run across something I think is worthy of your time and attention.  Thanks for staying with me.

I just published a post that I had started a while back when MSE was just coming out in beta.  Hopefully, you’ve just read that or will go back and give it a look.   As of this last Tuesday (9/29/09), Microsoft has released MSE.  It’s basically an anti-malware offering that provides real-time protection for your home PC, meaning that it guards against viruses, spyware, and other malicious software.  It’s free to all genuine Windows users (Windows XP SP2 or later), there are no subscription fees, and thus no registration (beyond the standard download registration) or other personal information required for billing.

Microsoft Security Essentials is simple to install, easy to use, and always kept up to date (quietly, I might add) so you can be assured your PC is protected by the latest technology. It’s easy to tell if your PC is secure — when you’re green, you’re good. It’s that simple. I think many folks are going to like the simplicity. In my former life as a military pilot, we had a phrase for self-guided missiles called “launch and leave”, this is pretty what your experience should be with MSE.  MSE is lightweight compared to many of the other offerings out there (of course I’m speaking from a system impact perspective, certainly not from a protection perspective) – and it runs quietly and efficiently in the background. As I’ve alluded to in past posts, MSE leverages all the security and anti-malware ecosystem that Microsoft brings to the table for our corporate level Forefront product – you should also take a look at the MMPC blog post linked below for more details on that.  

Of course, you can download and get lots of other information from the official site here: http://www.microsoft.com/security_essentials

MMPC blog post: http://blogs.technet.com/mmpc/archive/2009/09/29/introducing-microsoft-security-essentials.aspx

I saw some competitor blogs about MSE, as you might expect they had almost nothing constructive, or accurate, to say.  What i did find interesting, however, was the overwhelming backlash in the comments to those posts.  The folks that did get to do the beta, including me, generally had very good experiences with it, and as I alluded in the post right before this, the results of actual anti-malware tests by independent orgs are showing that MSE is providing excellent protection.  In fact, one of the testing orgs gave it very good marks for handling rootkits.  But that’s pretty much what I’ve been trying to get across for some time now in my blog – Microsoft really does get security, and a bet on Microsoft technology for security going forward is actually a very good bet. 

I know the MSE beta was not widely available, so I’m encouraging you to take a look at it now.  You know, it even works in Windows 7 XP mode – which, btw, I’m using it for.  I’m also loading it up for all my friends and family, which I know I’ll have to support, so in effect I’m definitely making the bet myself (or I wouldn’t ask you to do it).

[This was started a while back, article is from June 2009, but now that we’ve just launched Microsoft Security Essentials I thought this might be good to finally post]

Well, in light of my last post on the IE 8 security, and, in light of my “between the lines” thoughts, I thought this might be a good time to “dust off'” this article on our beta release of the future free AV offering (codename Morro) that I had actually intended to blog about earlier.   For those of you who follow this blog, my title statement will come as no surprise at all.   I would highly recommend that article, but I’m actually going to include an excerpt below that pretty much captures the main points, to save some of your valuable time.

Computerworld article: Antivirus testing outfit: Microsoft Security Essentials makes the grade

Article excerpt from Computerworld (emphasis mine to highlight key points) -
“Microsoft's free security software passed a preliminary antivirus exam with flying colors, an independent testing company said today.  AV-Test GmbH tested Microsoft Security Essentials (MSE), the free software Microsoft launched yesterday in beta, on Windows XP, Vista and Windows 7, putting it up against nearly 3,200 common viruses, bot Trojans and worms, said Andreas Marx, one of the firm's two managers. The malware was culled from the most recent WildList, a list of threats actually actively attacking computers.  "All files were properly detected and treated by the product," said Marx in an e-mail. "That's good, as several other [antivirus] scanners are still not able to detect and kill all of these critters yet."  AV-Test also measured Security Essentials against a set of in-house false positives to see whether the software mistakenly fingers legitimate files, a nightmare for users, who can be left with a crippled computer, and a disaster to the reputation of a security company.  "None of the clean files were flagged as being malicious," noted Marx. "Very good."  AV-Test also examined the program's anti-rootkit skills and its ability to scrub a system of malware it finds with a limited number of samples and "found no reasons to complain," Marx said. "[Security Essentials] is able to remove found malware very well, but further tests against larger sets of samples are required before we can come to a final conclusion."”

On an side note, it was interesting to see some of the initial negative buzz, most of it by security competitors, and ALL of it opinion based and unsupported by any facts or data.   This article gave an example of that in the following excerpt: “AV-Test's results will disappoint some rivals in the security market, who yesterday knocked Microsoft's effort. "It just doesn't give you the protection that you need," argued J.R. Smith, the CEO of AVG Technologies”.  The fact that articles on our technology always seem to include gratuitous negative comments that are seldom more than unsupported opinions, such as this one, is a big part of why we continue to battle the perception issue (of course that’s my opinion).

So back to the reason for this post.  First, I wanted you to be aware of this test, and to highlight the “passed…with flying colors”.  Unlike the opinions, actual test data is tending to validate the Morro product, and remember this is just the beta.  I believe I did some posts in the (distant) past about Microsoft’s world-class Security Response System and accompanying infrastructure, but suffice it to say, that we have a highly sophisticated, global security monitoring and response operation that is really second to none – most folks are not aware of that and never hear about it.  Our Forefront security products have been protecting not only desktops but servers, and not only at Microsoft, but for many large customers around the world for some time now.  I’ve always thought it was pretty compelling, considering that we are a primary hacker target, that we “eat our own dogfood”, which means we are protected from malware threats by our very own technology.  Second, I wanted to call out that, even though it’s listed as an AV product, as you see from above it protects against other threats such as rootkits.  And, in fact, it’s the successor to our Defender product as well, so don’t be concerned that it turns off Defender when it installs.  Third, I wanted to add that other articles seem to indicate that it appears to be good at avoiding false positives.   And, lastly, this article didn’t mention it, in other reports I’ve seen comments about how “quiet” it is and that it has less of an impact on your system than many other AV products.  Bottom line, as I’ve tried to highlight in my blog over time, a bet on Microsoft security should be a good one these days( post-SDL), even though I still see competitors (and sometimes folks online and in print) making statements that continue to try to rely on dated perceptions. 

Some other food for thought.  Microsoft leverages all the security infrastructure I alluded to above for the support of all their security products, so the same technologies and supporting mechanisms that have been, and are, protecting large corporations, including Microsoft itself, are also used in our consumer products like MSE.  So it should be no surprise, to the person who really understands Microsoft’s security commitment and products, that this product appears to be solid right out of the gate.  And, btw, did I mention that MSE is going to be free when it launches (at least for consumers).

For some time now, I’ve been extolling the advantages of Microsoft on the security front.  I’ve specifically mentioned the SDL as well as our threat modeling and security response capabilities in previous posts.  Some of you may still be skeptical and that’s OK, but I ran across this on the Partner Portal the other day and thought it would great to share with you in case you hadn’t run across it yourself.  As you’ll notice from the subtitle below, this is Customer Ready stuff, so please feel free to share this with them as they make strategic platform choices in the days ahead.  I hope, if you’re still one of the skeptics, or even if you’re not, that you’ll read some of these yourself (if necessary) to refresh on what all Microsoft is doing and has done on the security front to make sure that our platform not only delivers the security you need and deserve.  And, I’m hoping you also see and understand why I’ve been saying that we’re also a great, if not the best, security bet going forward for you and your customers. 

Partner Sales Resources

Microsoft Security Development Lifecycle To-Customer White Papers

Get insight into the Security Development Lifecycle that has made Microsoft products more secure. Reassure your customers by giving them an inside peek into how we make sure their software isn’t vulnerable to attack.

• Investigating the Security Development Lifecycle at Microsoft

• Security Education at Microsoft

• The Microsoft Security Organization Chart

• Threat Modeling at Microsoft

• Microsoft's Security Response

• Microsoft's Security Toolbox

Before I close this, as a Partner Learning Advisor for security (my new role), I want to give you a head’s-up about some key changes in Microsoft’s security marketing strategy.  You should have already seen or heard some “buzz” around what we’re calling “Business Ready Security”; if not, might I suggest you Bing that phrase (or just take this link if you want to do it now: Microsoft's Business Ready Security strategy).  What you’ll notice is that we’re trying to take the whole notion of “security” to the next level – it’s not just about firewalls and/or malware protection any more, but about a much more holistic approach that encompasses identity management and access control in addition to the malware and networking stuff.  On this page you’ll also find updated info on “Stirling” and Geneva” (no, I’m not going to tell you what they are, I’m going to encourage you to go the site and see for yourself <smile>), as well as other new stuff such as Forefront Identity Manager.  As you likely know, Microsoft if the ONLY provider that can give you highly integrated,compatible, business-ready protection across the entire security spectrum, from anti-malware on the client, to “identity lifecycle management” in the datacenter.  Please take some time to educate yourself on the Microsoft security story.

Microsoft Wave

In case you hadn’t heard about this, our friends in the UK have put up a new online site to show off the "cool" software and hardware Microsoft develops; including Live Mesh, Photosynth, pptPlex, Songsmith, WorldWide Telescope, AutoCollage, DeepZoom, Tag, Surface, Xbox Project Natal and some Xbox games.  Of course, one of my favs is the Arc mouse (in the hardware tab), if you haven’t seen or tried this little beauty, I would encourage you to do so.  I started using one of these a while back and liked it so much, I talked the powers that be into getting them for give-aways at the OEM/SB events I did last year.  I have given away plenty of these and have never found anyone yet who didn’t like the Arc mouse.  Live Mesh is cool if you regularly need to synch multiple computing devices.  Perhaps you’ll find something else on this site that will become your favorite “recommend”.  Enjoy!!

This comes from a  recent Network World article: Microsoft IE 8 shines in Web browser security test

Alright, if you even read the first paragraph of the article, you’ll find that MS paid for the test, so right away some folks will discredit the whole thing, although many of those same folks have no problem with tests that other folks pay for – at least it’s done by a 3rd-party research outfit and not by the vendor (in this case us).  My main point here, however, isn’t to extol the virtue of IE8 over other browsers, or even to cast aspersions on some of the ones who didn’t do very well, but rather to point out a couple of “read between the lines” thoughts in line with some of the threads that I focus on in this blog – one of the main ones being that Microsoft “gets” security, as well as the underlying value of our focus on security at the platform level, the Secure Development Lifecycle thing.   So, please read the last couple of paragraphs even if you choose to skip the next few sections around the specifics of the test.

Before we go on, let’s do a quick review of some of the highlights of the article (titled "Web browser Security: Socially Engineered Malware Protection Comparative Results 2nd Edition").

The tests were done over a two-week period in July at the NSS Labs in Austin.  They evaluated what are generally considered the top 5 browsers: Internet Explorer 8, Apple Safari 4, Google Chrome 2, Mozilla Firefox 3, and Opera 10 (beta).   The tests were done based on access to live Internet sites and, in theory, could be duplicated elsewhere.  In the end, IE 8 was evaluated as the best when it comes to browser protection against phishing and malware, mainly because Microsoft was deemed more speedy and comprehensive in delivering updates about known phishing and malware to the user's desktop browser.   This is important because time is of the essence in this area, as a  report from the Anti-Phishing Working Group estimates that more than 47,000 unique attacks occurred in the second half of 2008 with an average lifespan of 52 hours.

Here’s some more details around the test.  It was based on 593 validated URLs. "The average phishing URL catch rate for browsers over the entire 14-day test period ranged from 2% for Safari 4 to 83% for Windows Internet Explorer 8," the test report states. "Internet Explorer 8 and Firefox 3 [80%]were the most consistent in the high level of protection they offered."  Opera 10 achieved only 54%, followed by Chrome 2 at 26% and Safari 4 at 2 % in terms of mean block rate for phishing.   The Network World article even pointed out that the report stated: "We expected better results given the fanfare about Google's SafeBrowsing initiative."   Also, IE was found to perform the best in testing for how well each of the five browsers provide protection against socially-engineered malware—defined as a Web page link that leads directly to a ‘download' that delivers a malicious payload whose content type would lead to execution.

In another test based on 608 potentially malicious URLs, IE 8 achieved an 81% mean block rate for socially-engineered malware, while none of the other even topped 30%, and Chrome and Opera were <10%.  On average, 197 new validated URLs were added to the test each day, more or less depending on "criminal activity levels" as malicious URLs quickly rolled in and out of use.

IE Explorer 8, with its  “SmartScreen” protection mechanism, did best for protecting against socially-engineered malware in what was called the "zero hour" timeframe when a malicious URL was spotted by blocking 51% of the time. And the report goes on to note that “By the fifth day of the known malicious URL, IE 8 was blocking 91% of the time, Firefox 3 24%, Safari 4 22% , Chrome 2 14% and Opera 10 beta 1%”.

So now, for the reason behind why I chose to blog about this.  Again, it really wasn’t just to “plug” IE8, I’m sure no one is going to change their default browser based on this one test, especially since they/you can choose to downplay this info given that the test was MS-sponsored.  BUT, what I want to point out (the “between the lines” info) is that this represents further evidence of the effectiveness of Microsoft’s focus on security (which has been going on for some years now).   I’ve mentioned in previous posts that MS has a world-wide, world-class security (anti-malware) threat research and response system.  You can find out more about this at: Microsoft Malware Protection Center Portal – in fact, I highly encourage you to do this if you’re not already familiar with it (please read the “Who we are and what we do” section on the home page if nothing else).  This system’s protection capability is shared across all of our platform products.  So, what you may not know is that this “ecosystem”, if you will, which is helping to provide you with top-of-the-line anti-phishing in our browser is also the same technology and infrastructure that helps secure and protect your email and data (Forefront as well as the consumer-oriented security technologies).  Moreover, you may not have known that our system is easily the equivalent, and I would make the case even better, than any of the other “major security vendors” out there, and that’s why you should seriously consider using our business as well as consumer-oriented security products.  Back to the matter at hand, as far as I know, none of the other browser vendors has this kind of resource going for them, so hopefully you see, and believe, that IE 8 isn’t winning in this area by “smoke and mirrors” (as I’m sure many will claim), but rather by leveraging Microsoft’s huge investment in and focus on security.  As you may recall, I’ve said it before, and I’ll say it again, Microsoft IS a great bet around security these days – heck, even one of the most maligned features of Vista (UAC) actually provided significantly improved security and protection (and indirectly reliability) over its predecessors.  And, most of you are aware that our Windows servers are successfully supporting infrastructures, like our very own and much of DoD, that require the highest levels of security and access control possible (and, of course, it’s all the same platform).

Thus, I close by pointing out I hope you found the IE 8 test interesting, not so much from a browser compete perspective (although that would be OK  by me), but, as further indication and proof of what I’ve been trying to help you understand and be able to articulate, which is that the Microsoft platform is the one I think you (and your customers) should bet on as we all move into an ever more challenging era of computing on the security front.

See also: IE8 reaches 80 million malware blocks

and as a follow-on to the last post, here’s an article (link below) from a ComputerWorld writer, who by his own admission is “not Microsoft's greatest fan”.  He basically makes the same general point as Ed Bott, that many of the bloggers and tech new folks did shoddy reporting around the ScriptLogic survey.  In fact, this author says: “any middle schooler can tell you that eWeek's headline ‘Microsoft Windows 7 Will be Skipped by 6 in 10 Companies, Says Survey’ is at best an illogical conclusion, at worst a flat-out lie, and at minimum poor reporting.”  Well, the illogical conclusion and poor reporting were pretty much what I was getting at in my previous post, but he even went a little further with the middle schooler and lie comments -- but sadly, the fact that such a preponderance of the reports and articles jumped on that negative skew belies an unfortunate state in a significant part of the trade press these days IMHO.

If you have a minute, you might even read this article, it’s not long and he makes some interesting points.  [ComputerWorld article] Opinion: Windows 7, FUD and slow news days 

And, in case you don’t read it or might have missed it, one of the more interesting points that’s not obvious, but nonetheless pretty important, revolves around this (aspect of the original survey): [from article] “But had any of' them actually said they were going to skip Windows 7? If they did, you can't tell from the questions that were asked.“  In fact, the survey only mentioned the respondents intentions by the end of 2010, which is only 15 months after the general availability of Win7.  As this author also points out, to extrapolate that to mean the these folks were “skipping” Windows 7 altogether is just plain wrong.  I’ll even go so far as to say that, in all likelihood, those who were holding off on Windows 7 were also most likely folks who didn’t adopt XP until 2-3 years after it’s release, but as he states, no one asked those kinds of clarifying question.  I would point out, unlike most others, that this is conjecture on my part, and I have no specific data to back up my claim, but I would also hope that there’s a certain level inherent credibility to my hypothesis – I think it would take far more faith to believe that folks who adopted XP and Vista early would then “pass” on Windows 7, but the actually survey doesn’t allow us that level of insight in any event.  But as I’ve said in many previous posts it’s up to you to make the call on who or what you believe.  I’m just hoping you see the massive opportunity that Windows 7 represents, despite the press misinterpretations, and put yourself in a good position to take advantage of it, for yourselves and for your customers.

As before, my main point isn’t primarily to cast aspersions at all the folks who blog and report with a jaded or at least parochial (and often anti-MS) point of view, but to continue to alert my audience to the fact that just because someone has a byline and a large forum doesn’t always mean that they know whereof they speak, so please apply copious “grains of salt” to much of the Windows negativism you see and hear out of these presumed “pundits”. 

This author ends his article with the following, so I’ll end with this as well.  “But as someone who has been doing this stuff for over half my life, skipped Vista without any regrets, but conducted an in-depth review of Windows 7 for deployment in my organization, I personally can't wait to replace XP with Windows 7. I can at least confirm that in my organization, it will save a lot of time and personnel resources over supporting XP. If your organization is primarily Windows-based and your director or CIO puts a ‘6 in 10 skipping Win 7’ article in front of you as some sort of bolstering argument for not at least doing a proper shakedown of Windows 7, arm yourself with the facts.”  Given this statement, and considering the source, I’m hoping you are now even more aware of why I believe Win7 will be the massive opportunity I alluded to earlier.