January 27, 2004 7:41 AM PST
Gates takes swipe at Apple, Linux security
- Related Stories
New virus infects PCs, whacks SCOJanuary 26, 2004
Security a work in progress for MicrosoftJanuary 15, 2004
Microsoft publishes program to blast MSBlastJanuary 6, 2004
A 20-year plagueNovember 25, 2003
Gates gambles on LonghornOctober 28, 2003
Microsoft releases monthly security fixesOctober 15, 2003
Microsoft moves beyond patchesOctober 1, 2003
As the latest mass-mailing worm spread across the Internet on Monday, hitting Windows PCs with a program designed to attack the servers of Unix vendor SCO Group on Feb. 1, Gates stressed the importance of security to his company's products but said companies such as SCO were courting danger by sitting back.
Get Up to Speed on...
Get the latest headlines and
company-specific news in our
expanded GUTS section.
"To say a system is secure because no one is attacking it is very dangerous," said Gates, referring to operating systems that have a smaller share of the desktop market, such as Apple's Macintosh OS and the open-source software Linux.
Noting the large number of major virus epidemics during the past two years, Gates said that in some ways, "hackers are good for maturation" of the platform, because they have forced the company to develop new inspection techniques for the code.
But patch management continues to be the largest headache, Gates said. "Everybody who had their software completely up-to-date (during the epidemics) was immune to those problems. But only 20 percent of our customers were, so obviously, we weren't doing enough."
From the first experiments
to today's epidemics,
computer viruses have
come a long way.
Gates said "virtually all" Microsoft customers are now using automatic patching, but in the past, even this has proved problematic. Last August, many companies were left open to a new virus, because a flaw in the Windows Update service led them to believe--wrongly--that they were protected from MSBlast.
Microsoft software architect Chris Anderson, who is working on Longhorn, explained another problem with patches: "Today, virus writers don't find holes," he said. "They just sit back and wait for patches to appear, and then it is a race to write the first virus. We want to get patch deployment down from days or weeks to hours."
Gates also said Microsoft is looking at ways of developing e-mail protocols so that a recipient can verify the sender of the e-mail. "This is critical for security," he said, "and for getting rid of spam."
Matt Loney of ZDNet UK reported from London.