Microsoft confident in security push

[InfoSec News <isn () c4i org>]

http://news.com.com/2100-1001-965759.html?tag=fd_top

By Robert Lemos 
Staff Writer, CNET News.com
November 13, 2002, 5:27 PM PT

MOUNTAIN VIEW, Calif.--Ten months after Microsoft Chairman Bill Gates
called on company employees to make Windows more trustworthy, a
company executive said the initiative is paying off.

Speaking at the software giant's monthly Silicon Valley Speaker
series, Craig Mundie, senior vice president for advanced strategies
and policy, said that headway has been made in the company's
Trustworthy Computing initiative.

Other companies will have to follow suit or potentially lose consumer
trust, he said.

"Beyond Microsoft, (trust) will be the defining issue for the
industry," he said. "If we want to enjoy the business and results we
will have to put our IQ into dealing with this issue."

The speech comes a year after Microsoft declared at its Trusted
Computing conference that security had to be a higher priority for
computers connected to the Internet.

One bright spot in the company push is the creation of error-reporting
software. The software allows volunteers using Windows XP to let their
computer automatically report any bugs that may have caused an
application to crash.

While Microsoft's new initiative makes catching bugs a priority, the
new software also allows the company to address security issues before
consumers get overly frustrated.

The bug-collecting software has shown that one percent of application
errors are responsible for nearly 50 percent of all crashes. And the
top 20 percent of errors account for more than 80 percent of all
problems.

"It lets us know what is going on in the real world; the panoply of
cases of which there is no possible way you could test," Mundie said.

The company also counts privacy enhancements to Media Player 9,
unveiled in September, as a success. The feature forces users,
immediately following installation of the software, to set a privacy
policy for how the Media Player handles their information.

The security push hasn't been without some cost, however. Soon after
Gates' memo, Microsoft stopped Windows development so that the company
could train developers and project personnel in secure programming
practices. The total cost for this project topped $100 million, Mundie
said.

Microsoft has also pushed back its next generation of server software,
.Net Server. Among the reasons for the delay is the company's new
focus on security.

Phasing out older, more vulnerable versions of the Windows operating
system has also been poorly received. Microsoft no longer supports
Windows 95, and recent vulnerabilities that could affect that
operating system's security have gone unpatched--despite the fact that
the operating system is still widely used.

The move is part of the initiative to make the supported installed
base more secure, Mundie said.

"Even if it means we break some applications, we are going to make
things more secure," he said.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.