http://www.reuters.co.uk/news_article.jhtml?type=technologynews&StoryID=641941 27 February, 2002 17:57 GMT By Elinor Mills Abreu SAN JOSE (Reuters) - The last time the world's largest software company announced a major shift in strategy, it went on to muscle its way from nowhere to dominance of the market for Internet browsers over industry favorite Netscape. Now with Microsoft Corp.'s MSFT.O founder and resident visionary Bill Gates hammering home the message that computing must be made more "trustworthy," could anti-virus and other computer security companies be facing a Netscape-like fate? Not likely, observers say. Many industry watchers remain skeptical that Microsoft, famous for loading its software with bells and whistles, can learn to put security first. Others question whether it will be technically possible to build hacker-proof software, especially given the sophistication of Microsoft's upcoming Web services offerings. Those services will allow consumers to use a single name and password to log on to a range of online services from banking to travel. But one key to their success, experts have said, will be convincing consumers that their financial information is safe from prying hackers. "Microsoft and security is an oxymoron," said Howard Lev, group product manager of appliances at Symantec Corp. SYMC.O "Historically, they haven't been that interested." Jim Bidzos, chairman of the conferences unit of RSA Security Inc. RSAS.O , a leading computer security company, could not resist taking a jab at Microsoft at a recent conference in San Jose, Calif. "I love the Microsoft security story. I loved it the first time I heard it in 1991," he said as the crowd of computer security professionals erupted in laughter. "The day people who stop products from going out the door because they're not secure enough become heroes then we'll know they're serious." "We managed to embarrass Microsoft into doing something," said Bruce Schneier, chief technology officer of security monitoring firm Counterpane Internet Security. "When push comes to shove we'll see what they do. I'm hopeful, but not optimistic." RIPPLES THROUGH INDUSTRY New Microsoft initiatives tend to ripple through the computer security industry, with many companies bracing for competition from a rival they don't want. Anti-virus companies were nervous, for example, when Windows 95 came out, thinking the new Microsoft offering would cut into their market, according to experts. It was widely believed that the operating system would end virus infestations, and it did for a while, David Perry, director of education at anti-virus company Trend Micro Inc., said. But then came macro viruses and other malicious code that the old software could not stop. Now, there are more than a dozen major virus types, and new ones cropping up all the time, including ones that take advantage of advanced features in Microsoft software, Perry said. "If Microsoft gets its act together, in three years, we'll still have viruses," said Rob Rosenberger, editor of computer security site Vmyths.com. By reducing the number of security bugs in its products, Microsoft could take away some demand for products like intrusion detection and firewall software. But experts say there will always be new security problems whenever new technology is introduced. "People who think that any kind of technological trick is going to end malicious software are committing an error that one can find in classical Greek literature -- hubris," Perry said. PRESSURE FROM CUSTOMERS Even if perfectly secure software is out of reach, software companies, most notably Microsoft, face pressure from key customers to do something to make its products less susceptible to hacking. Noting that the U.S. government is the single largest consumer, Richard Clarke, the White House cyber security czar, made the stakes clear at a recent conference: "We're going to stop buying products unless they're secure." The demands of the marketplace, ultimately, are what will make software makers provide security, and Microsoft has a long history of sniffing out consumer demand and creating products that meet it. David Hughes, president of the U.S. subsidiary of British-based anti-virus firm Sophos, said that Gates has a track record of success when he stakes out clear goals for Microsoft, as he did in a company-wide e-mail announcing the security push. "When Bill says they are going to do something, they do it. He realizes it's a high priority issue for customers," he said. But others say the public relations risks are skewed against the company this time since even a single hack could loom larger than a host of quiet improvements in its software. "Microsoft is in a no-win situation," said Lawrence Walsh, managing editor of Information Security Magazine. "They have to do something. But perception is stronger than reality. If they suffer one hack, people will think they didn't do their job." During an interview in Tokyo with Reuters last week, Gates, who has a record of confounding naysayers, said Microsoft welcomed the scrutiny of its software and the level of their security. "Microsoft products get looked at harder than any other products and that's a good thing, he said. "We have these 24-hour response teams and we're the guys who are serious about this," Gates said. "We've put into place infrastructure to update things so it's certainly a key issue for the industry." (Additional reporting by Reed Stevenson in Tokyo.) - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Mar 01 2002 - 05:26:19 PST