January 23, 2003 10:15 PM PST

Gates vows better security for customers

Related Stories

One year on, is Microsoft 'trustworthy'?

January 16, 2003

Trust or treachery?

November 7, 2002

Gates: Security is top priority

January 17, 2002

New worm slows some Internet operations

September 18, 2001

Code Red for security

July 27, 2001
Microsoft Chairman Bill Gates said in an e-mail Thursday that the software giant has taken great strides to secure its products, but acknowledged that the company still has far to go to achieve its goal of "Trustworthy Computing."

The e-mail message to Microsoft's customers is the latest monthly missive sent by the company's executives as part of a customer-relations drive known as Executive Emails. Coming a year after Gates exhorted company employees to focus on security, privacy and reliability, the memo predictably focuses on the results of that initiative.

"While we've accomplished a lot in the past year, there is still more to do--at Microsoft and across our industry," Gates wrote in the e-mail message, citing data from the Computer Security Institute and the FBI that estimated the damage from cyberattacks in 2001 at $455 million.

Two large incidents--the Code Red and Nimda worms--were a wake-up call for the software giant in 2001 and directly led to Gates' call to arms for the company.

"As we increasingly rely on the Internet to communicate and conduct business, a secure computing platform has never been more important," he wrote in the latest memo. "Along with the vast benefits of increased connectivity, new security risks have emerged on a scale that few in our industry fully anticipated."

In the past year, the software giant has retrained 11,000 developers in the basics of secure programming at a cost of more than $200 million in lost productivity, according to Microsoft estimates. Most of the effort will be first evident when the company releases Windows Server 2003, now due out this April after three delays.

However, Gates outlined several other projects that Microsoft completed this year that the company's executives have touted as illustrating the giant's dedication to Trustworthy Computing.

To increase the security of its software during the design process, the company has interjected a handful of new analyses and security checks. A technique known as threat modeling, where designers and programmers hash out the largest security threats to a given piece of software, has become a core facet of the company's design stage, Gates said in the memo.

"Fully one-half of all bugs identified during the Windows security push were found during threat analysis," he wrote.

Gates also expounded on the need for new security technology, such as that embodied by the company's controversial Palladium project, to eliminate "weak links" in computer systems.

Looking forward to what he called the coming "Digital Decade," Gates warned that as "billions of intelligent devices" are interconnected new threats will emerge.

For the time being, however, he urged patience for the company's efforts and perseverance for those on the front lines.

"There are three things customers can do to help: 1) stay up-to-date on patches, 2) use antivirus software and keep it up-to-date with the latest signatures, and 3) use firewalls."

 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.