REDMOND, Wash. — Microsoft was once the epitome of everything wrong with security in technology. Its products were so infested with vulnerabilities that the company’s co-founder, Bill Gates, once ordered all of Microsoft engineers to stop writing new code for a month and focus on fixing the bugs in software they had already built.

But in recent years, Microsoft has cleaned up its act, even impressing security specialists like Mikko Hypponen, the chief research officer for F-Secure, a Finnish security company, who used to cringe at Microsoft’s practices.

“They’ve changed themselves from worst in class to the best in class,” Mr. Hypponen said. “The change is complete. They started taking security very seriously.”

Still, episodes of online hacking have become even more startling, including the theft of personal data from millions of Target customers and terabytes of private emails from Sony Pictures Entertainment (and both companies use some Microsoft products). While Microsoft has not been blamed for the attacks, critics have insisted that the tech giant do even more to make digital systems resistant to breaches and snooping.