Your big mistake... and honestly it's a pretty common one among techies... is you are worrying too much about what to tell them and not enough about how. I know people and know computers... and bringing the two together isn't hard. You just have to remember that, unlike machines, people care as much about your tone of voice, your body language, your cadence, your word selection, etc. as they do about the actual point you are making. They care as much or more about these things than they do about the raw data.
It's a shame I didn't see this post sooner, because you will probably never read this, but I have been working as a computer tech professionally for over 10 years. In that time I have discovered that I have a talent for sales and I can make my sales without bending the truth or leaving out important details because my honesty not only engenders trust but my entire attitude and approach is geared toward helping the customer make the individual best decision for their circumstance... not selling the current item that nets me the best commission or advancing my pet agendas.
Make the client feel comfortable that you aren't just telling them what you are because your company demands it of you or you have some fetish towards open source. Care about the client's well-being... you're not trying to sell a product, you are trying to help them make the best decision for themselves that can be made. They know their circumstances and you know the industry and when they come to you to show them how the industry can help with their circumstances you make sure they come out on top. The thing is that this might mean telling them to go with a competitor's product. This honestly might mean telling them to go with closed source.
Honestly, you have already admitted to telling clients open source is more secure than closed source without having any facts to back you up (or at least none you are willing to show clients). I personally believe that open source is more secure than closed... but I can back that up if I have to and I feel confident my reasoning is sound enough to share with a client. You need to be able to too.
If you aren't willing to listen to a customer and honestly consider their point with the possible result being telling them that closed source is better in their case... then you need to be one hell of a hustler. Used car salesmen in tuxedo type hustler. Otherwise you have already lost simply because MS got there first and the people they hired to get them there first really are that kind of hustler.
In the end it comes down to convincing the customer that your top allegiance (after yourself) is to them. Telling them that will just make you look fake... so you will have to convince them some other way. That is the secret of being good at sales. Having a really good understanding of your clients' wants and needs and being knowledgeable enough to sound like you could write books on the subject you're discussing are both major pluses as well.
Also... though I'm sure it was said in the avalanche of text that came before me... point out two things to the clients. First off, it is not possible to "prove" that a product is more secure than another. There are factors beyond imagining involved in a product being or not being secure. Thus, when they ask for proof, from you or from the MS people, it is not easy to come up with an honest answer that is very convincing without first explaining a number of things.
As for what to say... start with the theory behind why open source is more secure. Theories are not proof but when you get right down to it there is no proof that the faster you move through space the slower you move through time... but we have theories and those theories are themselves backed up by evidence. Those theories have been applied time and time again in the real world to create working technologies like microwaves and electron microscopes. And these theories point to the slowing passage of time in any case where the passage of space increases. From there move into statistics. Statistics are also not proof, but they are a good indicator of trends and make empty theories look like they are more than just theories.
The theories behind why open source should be more secure are sound and the statistics back that up. All you have to do is package that message in a way that convinces the client and makes them feel at ease.
Also, it would probably help to use MS's tactic against them here and point out that, while the source code being available might make it easier for hackers to find exploits, it also helps those who want to make the program better find them too. Point out as well that if an exploit were to be found before it was patched that because open source is open it would likely be fixed faster as well (more statistics on that subject would be good as well). Answer the questions as best you can and, if the client is really worried about it, offer to find the answers to the ones you can't (if your company will allow that, I suppose that depends on how badly your company wants to keep clients). Have a ready-made template email with links to the statistics and alternate sources of other studies that show similar results ready to go and offer it to the client.
Simply put, treat it like you would an upcoming sales pitch. You know they are going to call. Be ready. Be professional. Be the client's ally in the war on hackers. Don't let doubt show up in your voice, your body language, or your wording... you are right and they should listen to you. Otherwise why would they? They need help and you can help... and will if they want you to.