So let me get this straight. You're advocating that Microsoft totally drop support for slightly older (Outlook 2000, for example, which is not exactly Word 2.0 here) software to solve a user education issue.

User education issue, not security issue.

Let me paint a picture of Microsoft shareholders rubbing their hands with glee at the idea of making everyone pay for new versions of Windows, Office, Exchange, SQL, ISA and so on every year or 2. In fact, why not speed up the development process! Screw trustworthy computing and secure code review - bang any old crap out to the consumer and fix any security flaws in the next version! They'll start naming products "Office 2004 Quarter 1 version". After all, you're advocating that everyone must constantly upgrade to receive security patches.

This illogical argument of yours doesn't stop at the poor consumer taking bank loans just to have secure software, though. Consider all the people who *don't* patch at the moment (that's right, those millions of Win95 & Win98 users directly connected to the net).

Currently, these people don't patch because they don't know how, don't know why or just plain don't know. If we follow your advice, we also need to tell them that they have to constantly pay for new software just for "that security thing they heard about on the news".

How many home users are really going to do that?

It's quite scary how far off the mark you are. Please come join the rest of us in the real world.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/217/24747#24747