Gates outlines initiatives for improving network security
- By William Jackson
- Feb 24, 2004
SAN FRANCISCO - Microsoft Corp. this week will release specifications for a pair of security standards aimed at making online computing safer, Bill Gates said today.
Gates, Microsoft chairman and chief software engineer, announced the initiatives at the RSA Security Conference.
The company will release a draft of a Web services security standard designed to improve communications between applications. Gates said he hoped to see the draft become a formal standard.
Microsoft also will unveil a technical proposal for a technology called Caller ID for E-Mail. This tool will help authenticate that e-mail is from who it appears to be from, Gates said.
'Avoiding domain spoofing is a major goal for us,' he said. Microsoft will offer the technology royalty free to Internet and e-mail service providers. 'We believe that by this summer we can have that in place.'
E-mail authentication is a key Microsoft strategy for controlling spam. Spammers are becoming increasingly good at avoiding content filters, and authentication of e-mail is necessary to solving the problem, Gates said.
The proposals are part of Microsoft's Trustworthy Computing initiative, a multibillion-dollar effort announced in 2002 to improve the security of the company's software products, the applications that use them and the platforms on which they run.
'Over the last few years we have made a lot of progress,' Gates said. He cited the low number of critical or important security bulletins issued for Windows 2003 Server in its first year of release. Microsoft released nine bulletins over the past year, compared with 38 bulletins released in the first year after the release of Windows 2000 Server.
Gates also accepted some blame for the vulnerabilities that persist in Microsoft products. 'We did not make it absolutely clear to our customers' that patching and configuration management are critical on systems with interfaces to the Internet, he said. 'The responsibility comes back to us.'
Microsoft allots $6 billion a year to R&D, and the bulk of the funds go to security initiatives, Gates said. One of the next products of that spending will be Windows XP Service Pack 2, expected by July. SP2 focuses on security rather than functionality and will include a number of new features, he said.
A Microsoft Firewall will be on by default in the service pack. Because this interferes with some applications, dialog boxes will let users open ports for specific apps for as long as the app is running, after which the ports are shut. It also will have a new setting, 'On with No Exceptions,' that can be used for untrusted environments.
Internet Explorer will have improved pop-up blocking and will allow blocking or loading of ActiveX Controls at the user's discretion. The service pack also will include a Windows Security Center that will centralize security settings, display the status of settings and recommend actions.
The company further is developing an Active Protection Technology, now in alpha release, to help prevent and contain malicious code activity and help manage patches. There is no date for its release.
'I'm basically optimistic, although there are many years of work ahead of us,' Gates said of the future of online security.
William Jackson is a Maryland-based freelance writer.