Microsoft Prioritizes Profits Over Protection, Says Industry Expert

AI Written Human Edited

Microsoft's Dangerous Addiction to Security Revenue

A recent episode of the popular Security Now podcast featured an impassioned critique of Microsoft's security practices from industry expert Alex Stamos. Hosted by Leo Laporte and Steve Gibson, the show dissected Microsoft's disclosure of a major breach of its systems by a Russian state-sponsored hacking group.

Stamos, former chief security officer at Facebook and now with the Krebs Stamos Group, accused Microsoft of negligence in securing both its own systems and its products. Although 21 years have passed since Microsoft pledged to make security a priority, Stamos characterized the company's response to the latest incident as "arrogant and circumspect."

Stamos highlighted how Microsoft appears to be deliberately withholding vital security protections from its cloud offerings in order to charge extra. He specifically called out features like multi-factor authentication and advanced threat detection, which should be provided by default but which Microsoft instead bundles into premium add-ons and upsells.

Both Laporte and Gibson agreed this prioritization of profits over protection is "morally indefensible." Laporte explicitly connected it to Microsoft's controversial practice of ending security updates for older Windows versions that are still widely used, which forces unwanted upgrades for commercial gain rather than for security needs.

Stamos urged Microsoft to "rededicate themselves to shipping products that are secure by default." Though competition in the enterprise cloud space is limited, such anti-user practices could eventually backfire. For now, all Microsoft customers should evaluate their exposure and not assume that needed security is automatically included with their products.
