First Bill underestimated the arrival of the Internet, then, having realised its mistake, his company ignored the obvious consequences of that moment in computing history. Yes, the Internet changes everything and that includes security.
Microsoft suddenly got (ping!) the security issue two years ago or so, and this year's Infosecurity show has arrived at a critical moment. We are living with the patched-over Windows XP on its last legs, and the company is promising that Vista will answer the tough questions that have been thrown at its whole product philosophy in recent times.
But why did Microsoft, the richest company in the computing world and still the galactic star around which all else is supposed to orbit, not see trouble coming sooner?
Windows XP was forged at the end of the last millennium, so we can perhaps forgive it the security oversight in the middle of its code spaghetti. But what about Internet Explorer? It took the company until as recently as last year, and the emergence of Mozilla's Firefox, for the corporate synapses to fire in the correct sequence. Browsers are not just things for doing a bit of shopping on a wet weekend; they are now the centrepiece of almost everything that is done with or to the Internet every day. If resources are not directed into browser development, not least in terms of security, yours will wither.
My guess? IE wasn't generating any bottom line, and perhaps the whole anti-trust experience had made Microsoft a bit twisted about the idea of browsers, period.
Things have changed for the better, so let's not hold it over them for too long. It's in the past. This year's show will even see Microsoft holding an entire seminar series dedicated to a number of security themes, the most important of which will cover how Vista's security will be an order of magnitude more sorted than XP's.
We wait for news of Internet Explorer 7.0's myriad improvements, of how the company will incorporate BitLocker encryption (and not without some controversy there), how the new OS can stop malware running with default admin privileges, plus a host of important changes to the way that security can be implemented and managed for inherently hard-to-secure devices such as mobiles, and in things such as authentication.
It is said that Microsoft employs people specially to look into the future to work out what's next. They must have been asleep on the job to have missed the importance of security when XP was in development, or perhaps they did see problems ahead but were somehow ignored. NASA sent Space Shuttles into the Florida sky against the best advice of some of its engineers, and there is no reason why a large software company is necessarily any less narrow in its calculations. Sometimes, simply by looking for the future, you are doomed to miss it.
Of course it is also possible they knew security was an issue, as did the rest of the industry. They just forgot that, sometimes, the crooks and malevolents are cleverer and more motivated than they are. They won't be making that mistake again.
Details of Microsoft's Security Academy at this year's Infosecurity show can be found by studying the seminar program.