[ISN] Microsoft announces corporate strategy shift toward security and privacy

From: InfoSec News (isnat_private)
Date: Thu Jan 17 2002 - 02:11:59 PST


    Associated Press Writers 
    Wednesday, Jan. 16, 2002 
    WASHINGTON (AP) -- Microsoft Chairman Bill Gates announced a major
    strategy shift across all its products, including its flagship Windows
    software, to emphasize security and privacy over new capabilities.
    In an e-mail to employees obtained Wednesday by The Associated Press,
    Gates referred to the new philosophy as ``Trustworthy Computing'' and
    said his highest priority is to ensure that computer users continue to
    venture across an increasingly Internet-connected world.
    Gates compared the significance of his 1,600-word message, sent
    Tuesday, to his so-called ``tidal wave'' e-mails during the mid-'90s,
    which changed the course of Microsoft, and much of the software
    industry, to focus its products on the Internet.
    He said this new emphasis on security for Microsoft was ``more
    important than any other part of our work. If we don't do this, people
    simply won't be willing -- or able -- to take advantage of all the
    other great work we do.''
    ``When we face a choice between adding features and resolving security
    issues, we need to choose security,'' Gates continued. ``Our products
    should emphasize security right out of the box.''
    The dramatic change comes after the discovery of major security
    problems in Microsoft products, such as flaws in the latest versions
    of Windows that allow hackers to seize control of a user's computer.  
    Another problem allowed the Code Red viruses to cripple hundreds of
    thousands of computers running Microsoft products.
    ``Gates saying that security needs to come before features is a huge
    statement for the software industry, not just a huge statement for
    Microsoft,'' said Marc Maiffret, the founder of eEye Digital Security
    Inc., which discovered both the XP flaws and the Code Red viruses.  
    ``If anybody has the ability to shape the software industry, he's the
    David Smith, vice president of Internet Strategy at Gartner Inc., an
    analyst firm, welcomed the move but said the strategy shift may be
    coming too late. Smith faulted Microsoft for developing broad,
    Internet-based strategies without paying enough attention to security.
    ``It's about time, perhaps overdue,'' Smith said.
    In the e-mail, Gates also referred to the Sept. 11 terror attacks as a
    reason to focus on security. He noted that last year's events
    ``reminded every one of us how important it is to ensure the integrity
    and security of our critical infrastructure, whether it's the airlines
    or computer systems.''
    Other Microsoft executives declined to comment late Wednesday.
    Shares of Microsoft were down $1.68 Wednesday to close at $67.87 on
    the Nasdaq Stock Market, but they gained 38 cents in extended trading.
    Microsoft products can be found in almost every government facility,
    from the White House to aircraft carriers at sea. One person with
    knowledge of the change said new products and features will be tested
    for security risks before going any further -- if they fail, the
    feature won't be included.
    ``Things are going to have to go through a crucible, and the crucible
    will be security-first,'' according to this person, who spoke only on
    condition of anonymity.
    Compensation plans of Microsoft product engineers, such as raises and
    bonuses, will also be tied to how secure their products are.
    Russ Cooper, a security expert with TruSecure Corporation, said the
    change occurred in part after a new security team assigned to attend
    every product meeting met resistance from product teams.
    Microsoft has long been criticized for focusing on making products
    more feature-rich rather than emphasizing security and stability. For
    example, Windows XP added DVD player software, a rudimentary Internet
    security utility and a new instant messaging program.
    Customers could also see a downside, though. Other than fewer new
    features, product upgrades could come less frequently or could be
    pushed back.
    Privacy is also a focus.
    ``Users should be in control of how their data is used,'' Gates wrote.  
    ``It should be easy for users to specify appropriate use of their
    information including controlling the use of e-mail they send.''