Craig Newmark over at Marginal Revolution wonders whether Microsoft isn’t getting bashed for what it fails to bundle as well as what it bundles. The idea is that security software should come with Windows, but that would be bundling.

At the end of the post, Craig wonders:

I think the primary reason is that Microsoft was surprised by the extent of the problem, similar to how it was surprised in the mid 90s by how rapidly and deeply the Internet caught on.

But it sure would be hard to prove that.

Yes, it would–especially given that they’ve claimed to make Security Job 1 for the last two years, and that was after considerable bashing/warning/advising from the tech community.

The problem isn’t that MS fails to include an antivirus package and a firewall in Windows by default (though MS doesn’t prevent a PC manufacturer to do so, unlike bundling alternate Web browsers or media players). It’s that what they currently bundle is configured so insecurely.

The common thread of most of the recent worms has been a dependence on Outlook, which is bundled with Microsoft’s other monopoly, Office. Outlook will trigger an included script even when you don’t preview or open the message but merely highlight it. Windows also allows scripts and programs to make changes to the operating system without notifying you.

None of this is true on alternate operating systems or even mail clients. I could go on about the inherently insecure settings and features of Windows, but that’s been well documented elsewhere. Let’s just conclude by saying that bundling isn’t the problem, and if they’ve missed the boat on security, they haven’t displayed the kind of catchup rush that they did with the Internet.