I know quite a few people who have been hired recently by Microsoft from WWU (my current location of study) and I happen to know that the security courses are few and far between. Being a computer science student here at WWU has made me realize that this
is not the place I want to continue my education. The instructors don't seem interested in what they teach and the selection of courses is very focused on doing good math using a dated programming language.
I have to say that I have had one instructor who is very interested in security and writing quality code. Coincidentally he teaches only one class per quarter and runs a local software company during the day. I'd go as far as to say he's not even a "real" professor.
So that reduces the number of excellent security instructors to nill at WWU.
These comments make a huge difference in my views about Microsoft's stance on security. I still think the focus on security has been a long time coming in Microsoft software. I realize that there are only so many people who can put only so many hours into
making the programs we use but I think a reasonable request from the users would be that developers listen to Howard's comment.
It seems to me that time and money are often spent in the wrong place. The developers of Outlook spent time writing warnings about opening attachments and even made attachments an optional feature (to be enabled by the user manually) but that time may have
been better spent on improving the internal workings of the application to withstand more subtle attacks.
When users run attachments they do so at their own risk. It is not Microsoft's responsibility to prevent users from breaking their own system. Car manufacturers don't control the brakes and steering of the cars we drive. The cars don't crash themselves... nor
do they speed and run red lights.
Maybe Microsoft should spend time on user education rather than locking down the system. If my mother saw an ad on TV telling her not to run email attachments unless she knows what they are she would probably be more receptive than when she calls me up and
says "Why won't Outlook let me open any attachments?"