Former Microsoft exec Steven Sinofsky shares some war stories

A look back at some of the most challenging times dealing with internet security from Microsoft’s perspective

Last Updated on

Steven Sinofsky, formerly head of the Microsoft Office and Windows teams, is taking a look back at some of the tough times in his tenure at Microsoft. He was at the company during some of the biggest internet virus scares, with viruses like ILOVEYOU threatening the security of millions of Windows computers around the globe, just as people were getting to grips with technologies like email.

Some of the biggest threats to Windows as a secure operating system happened back during the early days of the internet, where the open nature of Windows PCs resulted in excellent flexibility for software like Office, but also left gaps for “bad actors” to abuse. Sinofsky explains:

“The ability for bad actors or even pranksters to wreak havoc on the growing and newly connected PC infrastructure became a major liability for Microsoft. Yet our products were behaving exactly as designed, and customers appreciated those design patterns—extensibility was a major selling point of Office and a major part of our product and engineering efforts. As soon as we introduced the functionality changes, new viruses were created that circumvented what protections were in place.”

Some of the worst viruses of the time were distributed via email, the worm “ILOVEYOU” was spread by automatically pulling email contacts from programs like Outlook, and sending itself to all the email contacts the user had saved:

“The infection was started by an email attachment with the name “Love Letter,” which was a hidden program and not a letter at all. Any email program would have been vulnerable to this method of transmission, which simply required the user to open the file on their PC, but Outlook was not only the most prominent, it was also the most easily programmable.”

Security is as important today as it was back in the 90s and early 2000s. Operating systems and the software we run on them has become much more sophisticated, users have gradually become accustomed to being careful with email attachments and being more careful about what they click on online, and bad actors have also stepped up their techniques to, with more creative and sneaky attempts to get one over on users with technology. Windows and other Microsoft software is far more secure than it has ever been in the past, but it still pays to be cautious with regards to security when using any internet-enabled devices.

You can read Sinofsky’s full writeup of this time in his career over at Fast Company.