Share via


Feedback Requested

There is a debate raging inside Microsoft, and I'd like to get some feedback from our customers.  Currently, Microsoft makes a great deal of guidance available to its customers via its web site.  Some of this content can be downloaded anonymously, but some of it requires authentication (and therefore registering for credentials on the site).  This is similar to other companies (Cisco comes to mind immediately), but there is some question whether we should be requiring authentication for any content.  We are especially whether security content should require registration/authentication, especially given that the security people who would gain the most from the security guidance we provide are the same people who are the most paranoid about privacy and security, etc. (Hey, I'm the same way!)

So, the question is: if there was valuable security advisory material available for free on a trusted website, would you register and create credentials in order to obtain that content?  What if you had to get (or use) a Microsoft Passport account: would that change your mind?

Please respond either in the comments to this post or via the contact link, and thanks in advance for your help!

Comments

  • Anonymous
    December 01, 2004
    Yes, I'd love free Microsoft security advisories. Wait a second ... don't you already provide those?

    My question is, what sort of material are we discussing here? Are you talking about posting highly-detailed security notices that could possibly be used to write exploits? If so, then it makes a good deal of sense to require some form of registration and/or authentication to access such material. Otherwise, I'd have to say that I dislike registration requests. Put all of your content in the open, free to all, no registration required ... UNLESS there is a compelling reason to protect it, like the hypothetical case I mentioned above.

    FWIW, I detest the registration requirements on Cisco's website. Please don't model yourself after them, whatever you choose to do.
  • Anonymous
    December 01, 2004
    We are talking about things like hardening guides, identity management guidance, etc., not detailed security bulletins that could be used to write exploits.

    Good point though, and thanks for the feedback!
  • Anonymous
    December 01, 2004
    Bill,

    i would register using password or any other means - but i wouldn't like it.

    each time i have to 'log in' to some website i'm asking myself: 'what can they possibly gain by forcing me to log in?'.

    in most cases - nothing. as of that, the whole procedure is just an annoyance and nothing more.

    iow: no authentication, please. :)

    WM_MY0.02$
    thomas woelfer
  • Anonymous
    December 01, 2004
    The comment has been removed
  • Anonymous
    December 01, 2004
    Hmm, many times I'm showing other people information from the Microsoft website (primarily MSDN), and I'd hate to be 'slowed' down by being forced to authenticate. Just think of all the conferences, user group talks, and presentations where this happens. Now, I understand that setting up an account is fairly painless... But it's always a hurdle that causes me to sigh when I can't get to it when I'm not on my normal dev machine.
  • Anonymous
    December 01, 2004
    I love the current freedom of information MS provides - it is easily spidered by google etc, and is therefore quick and simple to find and reference.

    I see no reason why you should care who is reading what, and that is all a Passport login adds. (Excluding controlling access to sensitive info, but you've covered that.)

    So generally I prefer it being open like now, so please keep it that way, and don't start putting walls up between you and your customers.
  • Anonymous
    December 01, 2004
    First off, requiring a passport account would not do a single thing to keep hackers away from any sensitive information if it were to be published. However, since that's not what's being discussed, I think that the information under discussion should be made freely available. I hate registering to view stuff. I register using false information now after getting sales calls from companies after viewing their documentation. Although, most of the time I just don't register and skip out on viewing the documentation.
  • Anonymous
    December 01, 2004
    The comment has been removed
  • Anonymous
    December 01, 2004
    I'd be happy to... in order to get more access to MSDN subscription perks. Otherwise, I'd just create a fake account like I often do at most websites, using a disposable email account from www.spamgourmet.com.
  • Anonymous
    December 01, 2004
    Despite having a passport already I don't believe creating a barrier to guidelines is a good idea, both from a user's point of view and from the /. point of view.
  • Anonymous
    December 01, 2004
    Nothing should require authentication, you can always ask for it, but always have an opt out. More than anything else it's a pain to waste time registering for a site when I'm in a pinch and need the information. Plus with BugMeNot and services like that the info you're getting is prob. never real anyway.
  • Anonymous
    December 01, 2004
    Most websites use authentication to cut down on anonymous bandwidth. I'm sure Micrsoft doens't have to worry about that.
  • Anonymous
    December 01, 2004
    The comment has been removed
  • Anonymous
    December 01, 2004
    Oh yeah, and an old saying that seems quite appropriate in this case.

    A lock only keeps an honest person out.
  • Anonymous
    December 01, 2004
    If registration it was part of an IT professional-facing portal tied somehow to the MCP program (making that program worth something beyond marketing), then yes. If this portal could help me personalize and coagulate the raft of technical information available, then yes.

    What benefit is it to me to be forced to register for content that's publicly applicable? By that logic I'd have to authenticate to use Google.