But you're still saying that you're not going to be able to fix it once and for all. How much time do you think IT is willing to give Microsoft to put this issue behind you?
I think that IT understands that it's not just Microsoft that has these issues. They understand that they have this issue across all their systems. Customers generally feel pretty good about the fact that we're focusing on and taking this very seriously. For most of these customers, there are a lot of steps they can take right now to make themselves less vulnerable.
I'm sure there are, but you're still putting the onus on the customer. We receive a ton of feedback from readers whenever one of these attacks takes place, and each time, there's major blowback against Microsoft.
We talk to those same customers and have heard their concerns in every one of those cases. You have to see what happened and replay it. It's usually a combination of some operational issues and some software problems on our part. They're very happy to hear from us about the things we're doing to address the problems that are our own and the ways we can work to improve their operational situation.
Have these security-related problems slowed Microsoft's ability to get its products into more corporate data centres?
It certainly has had some impact. Some customers have said they need to make sure that we fix these problems before they feel comfortable about moving forward (on a sale). But we also meet with other customers who have never used our software for certain data centre systems and are strongly considering doing that or are in the process of installing.
Nonetheless, has it been an issue?
It's like anything else. On any given day, there are issues customers have with any company. Security is very public and visible for us right now, so it's a concern for some folks. As we work through the issues, we'll be able to get through that.
Do you see a point in time when you have a better code base?
It's certainly true that a lot of the problems exist with the older systems, so as the newer things come in, it will get better. We think that the fixes and the countermeasures are going to improve this. But to be perfectly honest, it's only been in the last couple of months that it's become clear to people that these are criminal acts.
What does that have to do with anything?
If you talk to the young man who did the variant of Blaster and whom the FBI arrested, he claimed not to have been aware that he was doing something illegal. This is not unlike robbing a bank.
But most hacks or intrusions are internal or corporate espionage.
That's a different issue.
Aren't they also taking advantage of the same vulnerabilities?
No, they really aren't. An internal act is performed by an employee who has some level of credentials on the system. That's something we don't know how to fix. We have systems that allow people to be very granular in the rights they give to people to limit exposure. But if I have the keys to the data centre, I can inflict significant damage. That's very different than writing a virus that's meant to exploit and traverse around the Internet -- which is a criminal act in this country and much of the world.
Your terminology's interesting. I'm hearing this "criminal act" refrain popping up whenever Microsoft talks about this issue. Are you doing that on purpose to project a concerted message?
Yes. These are criminal acts.
Talkback
some one hacked my hotmail which is zoro_54@hotmail.com i have already opend another hotmail account how can i close that account and how it has been hacked?