The M$ Virus
The facts many prefer to ignore

•  HOME  •  THEORY  •  PRACTICE  •    •  LOGIN  •  FORUM  •  CONTACT  • 

If you want to know why Microsoft products are mandatory in many government departments worldwide
the following little anecdote may cast light on the mystery.

Let's say you're the director of a medium-sized government department with a generous budget and a number of … shall we say, off-balance-sheet advantages for senior management. Assume further that your IT contracts are up for annual review, and the CIO is recommending a transition to Open Source solutions (whatever they are) with the sort of enthusiasm that you just know spells trouble. These computer types are simply not sound in the sense that Sir Humphrey knows so well.

You therefore undertake to meet with prospective suppliers personally, in order clearly to understand what exactly they are offering. The selection process has reduced their number to just two; the Open Source supplier that your CIO is so keen on (the "OS guy" as he calls him), and the Microsoft representative who has met your requirements now for more than a decade. Your secretary has set up meetings with both and posted them in your Blackberry.

Ten days later you walk into the office about 9:30am (and with a rather bad head from last night's business meeting) to find that the "OS guy" has been sitting in your waiting room for forty minutes. After sending out for coffee, you invite him in, to be confronted with an immediate barrage of bright-eyed geek jargon, accompanied by a welter of paperwork spread across your desk, and the coffee hasn't even arrived! Wearily, you explain that, as the Departmental Director, you cannot remain up-to-date with the latest technical developments, but would prefer an explanation centred on benefits and outcomes relevant to the department's needs. This creates a momentary hiatus, lengthened by the arrival of coffee and some of those delicious French pastries (that pretty new intern has definitely earned another trip to Fiji). Undeterred by culinary excellence, your antagonist soon launches into another technical tirade, but this time peppered with words such as transparency, audit, and message logs that immediately ring alarm bells. Finally, you thank him for his remarkably insightful presentation, assure him of the near certainty of the success of his bid, ask that a formal quotation be forwarded at his earliest convenience, and show him to the door. Just as well you did this yourself and kept the CIO out of it!

The Microsoft rep is scheduled two days later, but at the appointed time of eleven o'clock is not in evidence, an encouraging sign. Fifteen minutes later he is shown in to your office, hearty, affable, and full of apologies for having been delayed by traffic. So difficult these days, as we all know. He settles down and asks about the department's progress since his last visit, enquires about any problems being experienced, and commiserates with the latest government enquiry, surely politically motivated, requiring detailed reports of minutiae that are quite pointless, but necessary nonetheless. Finally he looks at his watch and remarks, "Surely that can't be the time!"

He then insists on buying you lunch in order to atone for his tardy arrival. There is a little restaurant around the corner you might know of – The Champagne Quail? Yes, you do, but only on someone else's expense account (which he assures you is the case) and to which you repair in anticipation of a satisfying meal and a successful outcome.

The paté is excellent as always, the steak just fainly pink in the centre, and the bombe quite delightful, though perhaps a trifle too rich; but the superb coffee and Galliano conduce to frank and productive conversation, to which your host now turns.

"As you know," he begins, "our company has met the needs of your department now for more than a decade. What you may not know are some of the … er … technical features that are of most benefit in today's complex IT environment."   This is the stuff!   "Fortunately, our company is only too well aware of the disruption and intrusion caused by the endless reporting requirements faced by today's large organizations."   Tell me about it!   "Of course, we fully agree with the demands for transparency and accountability that all competent organizations must meet, but one must take a … flexible approach to such requests, and adopt innovative measures in compying with them."   Yes, of course!

"For example, a common requirement is to submit all email correspondence within the department to be used as evidence in any subsequent proceedings. This is, of course, entirely inapproriate, since email is an informal medium that often contains sensitive and private material that is easily misinterpreted outside of its original context. As the Director of the Department, I'm sure you've had to deal with such matters."   Bullseye. Keep going.

"Allow me to present a hypothetical case that illustrates certain possibilities you may not have envisaged. Let's say you collate and submit your deparment's emails to an investigating body, but it's subsequently discovered that some are missing, and you are required to account for them. This can, of course, be most difficult?"

"Yes, definitely!"

"What you may not have realized is that, from time to time, all email systems are attacked by viruses and spam email attachments that are impossible to eliminate entirely. One can merely do one's best."

"Yes, yes! We've had several such instances, I believe."

"My company is aware of this problem, and keeps an accurate record of the appearance of such malware, as we call it, the measures needed to counteract it, and the dates on which such countermeasures are installed on your system. In such a difficult circumstance, we can present you with a forensic analysis of your system as a formal report. Of course, an appropriate fee must be charged … "

"Of course!"

"… but in return we do our best to ensure that the report reflects your specific requirements. We do ask, of course, that appropriate consultation occurs prior to the report's submission, but only to ensure that it satisfies your exact requirements."

"That sounds most appropriate. But do these … er … malware attacks occur very often? I mean, if there are certain … missing emails that can't be accounted for … "

"Yes, I understand. But, you see, the software in a large department such as yours is always customized to suit your requirements. What this means, in practice, is that the timing of malware attacks varies from platform to platform … from computer to computer, as it were … and it's highly unlikely that … shall we say … an appropriate time interval could not be found to exist at the time of your misfortune."

"I think I now understand the bigger picture."

"Of course, at the end of the day, someone must be held accountable; but it's usually the case that certain of the software engineers have not abided by the recommended schedule in upgrading their security configurations and utilities. After all, our systems are the most secure in the industry, but they can only be as good as the care and attention of maintenance staff, and they're not always as dilligent as they should be."

"No, definitely not! So it may be necessary to … retrain those responsible?"

"Certainly, and we can assist with this, even if they've been made redundant in the process."

"Then may I say what a pleasure it is to be dealing with a true professional, and assure you that your relationship with my department will continue. In fact, I'd like to propose that we discuss a closer liason in order to maximize the security and reliability of our IT infrastructure."

And so yet another successful negotiation between Microsoft and one of its many clients is concluded.