By 2002, Bill Gates was fed up. He'd had his fill of reports about Windows malware causing grief for customers who similarly were fed up.
And so Microsoft's chairman sat down and authored a call to arms in a remarkably frank memo to employees, urging a series of changes to bring about what he called an era of "trustworthy computing."
"Our new design approaches need to dramatically reduce the number of such issues that come up in the software that Microsoft, its partners and its customers create. We need to make it automatic for customers to get the benefits of these fixes. Eventually, our software should be so fundamentally secure that customers never even worry about it."
Although Gates and other company execs did their best to spin a positive picture, security had turned into a major embarrassment for Microsoft. Flaws turned up in Windows XP as well as in Microsoft's .Net initiative, a major undertaking at the time that was supposed to ensure secure and 24x7 access to businesses via the Internet.
But there was no spin about what happened next: Microsoft chose security over the bottom line for Windows development, essentially freezing product development while nearly 8,500 developers got trained in secure programming and then vetted the vast majority of Windows code.
The price tag for that episode was estimated at around $100 million.
But as Microsoft has stepped up its game, so have "the bad guys and their products," notes ZDNet's Ed Bott in an excellent chronology of the security highlights from the last decade. And unlike the so-called script kiddies and attention grabbers, the latest generation of malware authors has figured out how to monetize its labor while remaining in the shadows.
So the question to computer users remains as relevant as ever: After a decade of Windows malware, do you feel any safer?