March 31, 2004 1:03 PM PST
Gates reports on security progress
"Given human nature, evolving threat models and the increasing interconnectedness of computers, the number of security exploits will never reach zero," Gates wrote in a Microsoft Progress Report, the latest
Gates said the effectiveness of new security measures adopted as part of Microsoft's "trustworthy computing" initiative is borne out by numbers. The number of "critical" and "important" security bulletins issued in the first 320 days of availability for Windows Server 2003 was nine, he wrote, compared with 40 in the same period for Windows 2000 Server, the previous version of the server operating system. SQL 2000 generated three such bulletins in the 15 months after the release of Service Pack 3, a collection of bug fixes and updates, compared with 13 in the 15 months before the Service Pack release.
On the desktop, major security improvements will be made to Windows XP with the upcoming release of Service Pack 2, including default use of Windows' built-in firewall and memory management technology to limit exploitation of "buffer overruns," a common avenue for virus attacks.
Microsoft has also improved the delivery of software patches with the new Windows Update Services and System Management Server 2003, a collection of tools designed to let information technology managers quickly test and deploy updates.
Areas Microsoft is researching, Gates wrote, include "active protection technologies" that would let computers respond more intelligently to potential threats. A laptop could automatically employ stronger security settings when connected to a home Internet connection than when connected to a corporate network, for example, or when software hasn't been updated for a long time.
Microsoft is also working on "client inspection" tools that would automatically examine remote PCs for viruses and worms before allowing them to connect to a corporate network, plus improved user authentication systems based on smart cards and biometrics.
"Security is as big and important a challenge as any our industry has ever tackled," Gates wrote. "It is not a case of simply fixing a few vulnerabilities and moving on. Reducing the impact of viruses and worms to an acceptable level requires fundamentally new thinking about software quality, continuous improvement in tools and processes, and ongoing investments in resilient new security technologies designed to block malicious or destructive software code before it can wreak havoc."
Gates also touted the company's efforts to educate customers on security issues, including a series of free "Security Summits" being launched in April to train developers and IT professionals and the formation of the Virus Information Alliance to share data on computing threats. "We are committed to major investments in customer education and partnerships that will help make the computing environment safer and more secure," Gates wrote.