(Technically, it’s probably more a dilemma than a quandary, but I like the phrase perilous quandary.)

Driver coverage is always a sticking point for Windows deployments. If the Windows CD doesn’t include a driver for your particular hardware, you’re probably going to say, “Windows sucks. I installed the latest version on my machine and it didn’t work with my video card/sound card/network card/whatever.” The people who are responsible for deciding which drivers are included on the CD have to balance a lot of factors. How popular is the hardware? Will the hardware vendor allow Microsoft to include the driver on the Windows CD? Is the vendor willing to spend the additional effort to get the driver WHQL-certified?

Even after Windows ships, the struggle is not yet over. I was reminded of this when I learned of a hardware vendor whose driver on the Windows CD was discovered to contain a security flaw. The following is a completely fictionalized version of the conversation that took place with the vendor.

“Hey, it looks like there’s a security flaw in the driver you gave us to include on the Windows CD. «details omitted» Can you take a look at it and tell us what you think?”

— Yes, it appears to be a flaw in the x.y version of the driver. It is fixed in the x.z version.

“Great, can you send us a copy so it can be made available on Windows Update?”

— No, we’d rather distribute the updated driver through our resellers.

“Our data (based on information anonymously and voluntarily provided by Windows users) shows that of all the Windows customers who have your hardware, only 5% of them are running version x.z or higher of your driver. The rest are still running version x.y or earlier. Please reconsider your decision.”

— Thanks for the offer, but we would prefer to distribute the updated driver through our resellers.

Negotiations continued for three months before the vendor agreed to allow the updated driver to be distributed on Windows Update.