[ISN] Microsoft confident in security push

From: InfoSec News (isnat_private)
Date: Wed Nov 13 2002 - 23:40:20 PST

  • Next message: InfoSec News: "[ISN] Identifying a deleted account."

    By Robert Lemos 
    Staff Writer, CNET News.com
    November 13, 2002, 5:27 PM PT
    MOUNTAIN VIEW, Calif.--Ten months after Microsoft Chairman Bill Gates
    called on company employees to make Windows more trustworthy, a
    company executive said the initiative is paying off.
    Speaking at the software giant's monthly Silicon Valley Speaker
    series, Craig Mundie, senior vice president for advanced strategies
    and policy, said that headway has been made in the company's
    Trustworthy Computing initiative.
    Other companies will have to follow suit or potentially lose consumer
    trust, he said.
    "Beyond Microsoft, (trust) will be the defining issue for the
    industry," he said. "If we want to enjoy the business and results we
    will have to put our IQ into dealing with this issue."
    The speech comes a year after Microsoft declared at its Trusted
    Computing conference that security had to be a higher priority for
    computers connected to the Internet.
    One bright spot in the company push is the creation of error-reporting
    software. The software allows volunteers using Windows XP to let their
    computer automatically report any bugs that may have caused an
    application to crash.
    While Microsoft's new initiative makes catching bugs a priority, the
    new software also allows the company to address security issues before
    consumers get overly frustrated.
    The bug-collecting software has shown that one percent of application
    errors are responsible for nearly 50 percent of all crashes. And the
    top 20 percent of errors account for more than 80 percent of all
    "It lets us know what is going on in the real world; the panoply of
    cases of which there is no possible way you could test," Mundie said.
    The company also counts privacy enhancements to Media Player 9,
    unveiled in September, as a success. The feature forces users,
    immediately following installation of the software, to set a privacy
    policy for how the Media Player handles their information.
    The security push hasn't been without some cost, however. Soon after
    Gates' memo, Microsoft stopped Windows development so that the company
    could train developers and project personnel in secure programming
    practices. The total cost for this project topped $100 million, Mundie
    Microsoft has also pushed back its next generation of server software,
    .Net Server. Among the reasons for the delay is the company's new
    focus on security.
    Phasing out older, more vulnerable versions of the Windows operating
    system has also been poorly received. Microsoft no longer supports
    Windows 95, and recent vulnerabilities that could affect that
    operating system's security have gone unpatched--despite the fact that
    the operating system is still widely used.
    The move is part of the initiative to make the supported installed
    base more secure, Mundie said.
    "Even if it means we break some applications, we are going to make
    things more secure," he said.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Thu Nov 14 2002 - 02:37:12 PST