Sunday, May 1, 2011

Is Microsoft's IE Patch A Retroactive Brand Fix??


Microsoft (NSDQ: MSFT) reacted to the latest IE flaw with an emergency patch earlier this week, but does fixing the software retroactively repair the damage to its brand?
The flaw was a doozy, by most accounts, opening a hole in memory space that let a mere visit to a malicious site trigger hacker access to keystroke records and passwords. Another venue of attack came via an exploit code buried in Word documents. Zillions of computers could have been compromised.
I think events such as this create a constant state of orange-level alert for IE users.
Every security scare and subsequent download is the software corollary of a pat-down in an airport security line. We all know that we should be worried, and that powers-that-be are being powerful and checking. But we also know that the evil-doers are working just as hard to outsmart them...so we are wary, and are forced to endure long waits and smelly feet (and we're supposed to be thereby reassured).
There are similar impacts on PC users experience, both for those of us unlucky enough to have our computers violated and phished, as well as the larger group of unaffected users who get feel the effects of problems caused by repeated software downloads (the unanticipated impact of fixes that break other bits of device performance, like resetting drivers, changing disk labels, or whatever).
Ultimately, the fixes are retroactive, so we really have no protection, per se; like the airport analogy, Microsoft is always chasing yesterday's news, while tomorrow's headlines stay hidden. I'm sure it has legions of reformed hackers working to discover exploits, and trolls Internet chat like the CIA to find/assess evidence of hacker chatter, but we never hear about that stuff. Most of our interactions with the Mother Ship are about bad things that have already happened.
Does this situation help or hurt the Microsoft (or IE) brand? Is security, whether in software or airline travel, something you can fix retroactively?