The Quickest Patch Ever

Microsoft to the Rescue

Since 2003, Bruce Schneier writes at Wired News, Microsoft has batch-released its software patches on the second Tuesday of every month — some folks call it Patch Tuesday. We are left to assume that Microsoft realizes some cost-efficiency from the practice, and perhaps a public relations benefit as well since no company wants to admit more often than necessary that its product is somehow broken.

Since many of the patches address known security vulnerabilities, the downside potential of Patch Tuesday for consumers is exposure to attacks for up to a month.

This is a risk profile Microsoft is willing to live with until further notice.

Which is why it’s notable that when, in the last week of August 2006, someone posted a hack to defeat Microsoft’s digital rights management software, PlaysForSure, the company issued a patch in just three days.

Mr Schneier, Chief Technology Officer at Counterpane Internet Security (and author of Beyond Fear: Thinking Sensibly About Security in an Uncertain World), concludes that Microsoft’s behavior "clearly demonstrates that economics is a much more powerful motivator than security."

He notes that Microsoft is not a charity — there are foundations for that — while still holding the company’s feet to the fire for short-term thinking:

. . . if the internet suffers, or if computers are compromised en masse, the economic impact on Microsoft is still minimal.

Microsoft is in the business of making money, and keeping users secure by patching its software is only incidental to that goal.

Schneier calls Microsoft’s digital rights management efforts a losing game and argues, "If Microsoft abandoned this Sisyphean effort and put the same development effort into building a fast and reliable patching system, the entire internet would benefit. But simple economics says it probably never will."

This is one of those scenarios that tests the rising tide lifts all boats argument, but from a different side than we’re used to. How difficult is it for Microsoft to maintain a business model that works for the prosperity of its customers — treating customers as Microsoft wishes to be treated? How hard is it to believe that making customers happier and more successful will result in greater success for Microsoft? [Full Disclosure: I work in the Macintosh environment and the only Microsoft-branded product I use is Microsoft Office for Mac 2004, a suite of tools that works well and for which patches have been few and far between. I would not have said that about the prior version which I found buggy and unstable throughout the two months I used it.]

Setting aside for the moment the legal and ethical facets to this story — that Microsoft should not in fact have to defend its property or the property of its media partners from vandals and thieves — let’s focus for a moment on a situation Microsoft could do something about right after lunch today. Microsoft could start making better products. Like Taco Bell, Microsoft could take the burden off its marketers to make up stuff (which they do very well, incidentally) and retire to the kitchen to cook up something much better than what they’ve been serving.

That may be precisely what Microsoft is attempting to do. Until they release the new operating system we won’t know. Meanwhile they are wise to keep people waiting until they get it as close to right as they can.

The gotcha — or at least one gotcha — in all this is how utterly impossible it has become to build a significant brand and fly under the radar. Mr Schneier is not a consumer watchdog; he’s a power user (perhaps a megapower user). There are X more people who know more or less what he knows, who pay attention to the way Microsoft conducts business every day and who can and will express their opinion about that to anyone who cares to listen. The same goes for customers of General Electric, Google, Nike, Amazon, Pfizer, Ebay, CBS, Bank of America, the New York Times, the Pittsburgh Steelers, Disney, Archer Daniels Midland, the United States Senate and the Catholic Church. And your company. And ours.

There is a different level of accountability at work these days. Or perhaps the same kind of accountability more widely distributed. Today, anyone who can read is your neighbor and has a nice view across the fence to your back yard. If you do well, folks may talk about you; if you screw up, they certainly will. And the threshold for screwing up is more quickly crossed because more people are watching more of the time and measuring your performance against the best providers in the world (no matter that those providers have nothing to do with your business category — customers expect Nordstrom|Ritz-Carlton treatment from the guy who changes their oil). It hardly matters if this is fair. It simply is.

Now more than ever, sustainable success depends on integrity — the total integration of what we say with what we do, individually and corporately. As the ancient proverb has it:

The LORD abhors dishonest scales, but accurate weights are his delight. When pride comes, then comes disgrace, but with humility comes wisdom. The integrity of the upright guides them, but the unfaithful are destroyed by their duplicity.

— Proverbs 11:1-3

Integrity or Duplicity. No company has to cheat to be regarded as duplicitous these days — it only has to say one thing and do another in its customers’ eyes.
