Microsoft Chairman Outlines Priorities and Urges the Industry to Partner to
Build Trust Among Computer Users
SAN JOSE, Calif., Feb. 14 /PRNewswire-FirstCall/ -- In his keynote address
at the RSA Conference 2006, Microsoft Corp. (Nasdaq: MSFT) Chairman and Chief
Software Architect Bill Gates shared Microsoft's immediate and future plans to
achieve a more secure digital future, where interconnected networks worldwide
allow people to work and play across a multitude of devices, products,
services and organizations, with greater confidence in the security of their
experiences. Gates highlighted advancements in the forthcoming Windows
Vista(TM) release such as isolation techniques to reduce the impact of
malware, improved identity and access controls, and better data protection. He
also showcased innovations surrounding the platform such as Windows
OneCare(TM) Live, and industry partnerships such as the SecureIT Alliance. He
called for the industry to come together to achieve a more secure computing
experience for all users.
(Logo: http://www.newscom.com/cgi-bin/prnh/20000822/MSFTLOGO )
"This rapid adoption of the digital lifestyle offers new computing
opportunities for both personal and business use," Gates said. "Our vision for
security is to create a world where there is greater trust -- where people and
organizations can use a range of devices to be more reliably and securely
connected to the information, services and people that matter most to them."
Gates emphasized that the vision of a digital lifestyle can only succeed
if it is designed with security at its core. Gates highlighted Microsoft's
unique intelligence on the ever-evolving threat landscape -- insights gleaned
from more than 2 billion executions of the Microsoft(R) Malicious Software
Removal Tool, more than 230 million users of MSN(R) Hotmail(R), Microsoft's
product support services, Windows(R) Defender, and the Online Crash Analysis
tool -- noting that these insights enable Microsoft to not only respond more
quickly to the evolving threat environment (including an increasing threat of
botnets and rootkits and the growing threat of attacks on multiple devices),
but also to design long-term security strategies that anticipate future
trends. Accordingly, he emphasized four principles required to achieve the
vision of a seamlessly connected, more secure digital lifestyle for consumers
and businesses: a trust ecosystem, security engineering, simplicity and
fundamentally secure platforms.
Fostering a Trust Ecosystem
A "trust ecosystem" is an environment that engenders trust and
accountability between people and businesses. Today trust ecosystems exist in
the physical world -- they can be as simple as a loss of reputation, or
expulsion from a group, or something as severe as a conviction for a criminal
act -- but Gates asserted that trust must be extended to the Internet, and
that a key component, reputation, must cover not only individuals and
organizations but also code and devices. Gates gave as an example the kernel
mode driver signing feature of Windows Vista, which will help protect against
changes to system structures and help limit the spread of malicious software
by identifying the publisher and by requiring code to comply with certain
policies to ensure integrity.
"A trust ecosystem should be established to help users and organizations
more efficiently and safely leverage current and emerging online
technologies," said Dan Blum, senior vice president and group research
director of Burton Group Inc. "Microsoft has presented an ambitious vision for
protecting online computing, but fulfillment of that vision requires
industrywide involvement."
Gates emphasized that the industry needs to work together to provide a
wide range of digital identities for people, organizations, devices and code.
Gates highlighted work Microsoft is doing with the industry in support of the
Identity Metasystem, a way users and sites can more safely and privately
exchange personal identity information across the Internet.
To help end users, organizations and developers connect to the Identity
Metasystem, Microsoft will introduce new technologies including "InfoCard,"
the code name for a new feature of Microsoft Windows that simplifies and
improves the safety of accessing resources and sharing personal information on
the Internet. Gates announced that "InfoCard" will be delivered as part of
WinFX(R), Microsoft's managed code programming model, and will support Windows
Internet Explorer 7 on Windows Vista, Windows XP Service Pack 2, and Windows
Server(TM) 2003 Service Pack 1 and R2.
"The Identity Metasystem addresses the fundamental need for a
platform-independent identity architecture for the Internet," said Lawrence
Lessig, professor of Law at Stanford Law School and founder of the school's
Center for Internet and Society. "It insulates consumers and businesses from
the intricacies of the numerous individual identity systems that are in use
today, and provides a much-needed framework for information to be shared more
easily and securely online."
Gates also discussed the company's commitment to further simplifying the
overhead associated with identity and access management in the enterprise.
Beginning with the future release of Windows Server, code-named "Longhorn,"
Microsoft will expand the role of Active Directory(R) to include Rights
Management Services, Certificate Services, Metadirectory Services and
Federation Services. The expanded capabilities of Active Directory will
provide customers with a unified identity and access infrastructure that spans
enterprise and Internet scenarios. Gates also announced the first beta of
Microsoft Certificate Lifecycle Manager, a policy- and workflow-driven
solution that streamlines the provisioning, configuration and management of
digital certificates and smart cards, and increases security through strong,
multifactor authentication technology.
Engineering for Security
Gates called on all companies to strive for excellence in security
engineering at all stages of development to ensure more-secure product design.
Engineers around the world must be consistently trained in secure design and
coding practices. He encouraged the software community to change the
engineering culture so security is no longer an afterthought, but a guiding
principle from the very beginning of development. To provide a more secure
ecosystem, Gates encouraged industry partners to publish and share best
practices for developing more-secure code and, as an example, cited
Microsoft's implementation of the Security Development Lifecycle (SDL). The
details of this formalized process have been made publicly available for
developers, including its code-scanning tools such as PREfast and FxCop in
Visual Studio(R) 2005.
Simplifying Security
Security is complex, making it difficult for IT professionals, consumers
and developers to make the appropriate decisions or accurately implement
security measures. In his address, Gates called on the computing industry to
simplify security to make it easier for developers to write more-secure
applications, Web services and platforms, and to help ensure that customers
can use and switch between applications, services, platforms and devices while
being confident that their information is protected. A key to simplicity,
Gates said, is integration with the platform that can help drive ubiquity and
ease the ability for third-party developers to write extensions that take
advantage of the platform.
Gates discussed a number of Microsoft efforts to simplify security for
users, including the Windows Security Center in Windows XP SP2 and Windows
Vista, which allows the status of security protections to be easily visible by
consumers, regardless of the vendor. Another example Gates highlighted was the
underlying design goal of Windows OneCare Live, which was developed to improve
overall PC health instead of focusing on merely one need.
Building a Fundamentally Secure Platform
Platforms must maintain the confidentiality and integrity of information
and resources, regardless of whether information is being stored or
transported across devices, services or networks. Gates said that isolation
technologies to protect against the threat of malware, trust-based multifactor
authentication, policy-based access control, and unified audit across
applications must be built into the computing experience at the platform
level, and he outlined a number of technology investments Microsoft is making
to bring this vision to life.
He highlighted Windows Vista, the forthcoming operating system, and noted
that it has been developed with the highest attention to security. For
example, it includes Windows Service Hardening, a feature that restricts
critical Windows services from doing potentially malicious activities in the
file system, registry, network or other resources that could be used to allow
malware to install itself or attack other computers. Other features include a
two-way firewall and built-in anti-malware protection, Windows Defender. In
addition, it will include User Account Protection, which makes it easier to
deploy a more secure and manageable desktop for standard users, and
information protection via BitLocker(TM) Drive Encryption. Gates announced the
public availability of the second beta of Windows Defender for existing
Windows systems, which includes several enhancements and new functionality
that reflects ongoing input from customers. The free beta download is now
available for customers running Windows XP, Windows 2000 and Windows Server
2003.
Industry Call to Action
Gates appealed to the industry to come together to develop more-secure
products with a common understanding of how software should behave and work
together. He asked the industry to support a trust ecosystem that will allow
people to embrace a digital lifestyle with more secure, accountable and
reliable technology.
Gates highlighted the company's commitment to building industry
partnerships to promote security. A notable example is the SecureIT Alliance,
formed by Microsoft in October 2005, which now has more than 70 members. The
industry consortium's goal is to enable independent software vendors and
systems integrators to work more closely with Microsoft and each other to
build and integrate security products for the Microsoft platform. The SecureIT
Alliance has launched its official Web site, http://www.secureitalliance.com,
which has been expanded to include an interactive developer forum for member
partners. Microsoft is also a founding member of the Anti-Spyware Coalition,
an organization comprising leading anti-spyware vendors, academic leaders and
related advocacy groups who all share a commitment to ensuring that users
maintain control over what is running on their computers.
"The world is adopting the vision of an interconnected global community at
a rapid pace," he said. "It is our responsibility as industry leaders to
provide customers with the information and tools they need to live their
personal and professional lives without fear of security or privacy breaches.
Every computer user should have the right to go online securely, and we are
committed to turning this vision into reality."
More information about Microsoft's vision for secure computing can be
found in the RSA virtual pressroom at
http://www.microsoft.com/presspass/events/rsa/default.mspx.
Addendum: Recent Microsoft Security Product Announcements
In support of Microsoft's vision for secure computing and the company's
ongoing commitment to providing integrated security, efficient management, and
fast and secure access, Microsoft also recently announced the following
product milestones:
-- Windows OneCare Live PC care subscription service will be available
beginning in June 2006 for $49.95 per year for up to three PCs. The
service will offer consumers the value of protection and maintenance,
all in one solution.
-- Internet Security & Acceleration Server (ISA Server) 2006 Beta is now
available for customer download at http://www.microsoft.com/isaserver.
A cornerstone of Microsoft's security product strategy, this latest
version of the firewall, VPN and Web cache solution helps customers
secure their Microsoft-based application infrastructure, streamline
network control, enhance performance, safeguard IT environments, and
reduce the complexity and costs of security management.
-- Microsoft is also announcing the acquisition of a Web filtering
product, DynaComm i:filter, from FutureSoft Inc. The product enables
business customers to manage access to the Web in their environments.
The acquisition will help Microsoft better address customer needs for
more secure and productive Web access. Microsoft has acquired only the
Web filtering product from FutureSoft. The company remains independent
following this acquisition.
-- An early beta version of Microsoft Client Protection, the new security
product that helps protect business desktops, laptops and servers from
current and emerging threats, has been shipped to selected customers.
Microsoft plans to make the public beta version of Microsoft Client
Protection available in the third quarter of 2006. Microsoft Client
Protection is targeted for release to manufacturing by the end of 2006.
-- Microsoft Antigen anti-virus and anti-spam solutions for Exchange and
SMTP servers have also been shipped in private beta to selected
customers, and will be generally available in the next six months.
Antigen for Exchange, Antigen for SMTP Gateways, Antigen Spam Manager
and Antigen Enterprise Manager protect against viruses, worms, spam and
inappropriate content with a layered, multiple-scan engine approach.
Further details about Microsoft security products are available in the
PressPass interview with Ted Kummert, corporate vice president for the
Security, Access and Solutions Division for the Server and Tools Business at
Microsoft, at
http://www.microsoft.com/presspass/features/2006/feb06/02-09ISAServer.mspx.
Founded in 1975, Microsoft is the worldwide leader in software, services
and solutions that help people and businesses realize their full potential.
NOTE: Microsoft, Windows Vista, Windows OneCare, MSN, Hotmail, Windows,
WinFX, Windows Server, Active Directory, Visual Studio and BitLocker are
either registered trademarks or trademarks of Microsoft Corp. in the United
States and/or other countries.
The names of actual companies and products mentioned herein may be the
trademarks of their respective owners.
SOURCE Microsoft Corp.
 back to top
Related links:
http://www.microsoft.com
Photo Notes:
NewsCom:
http://www.newscom.com/cgi-bin/prnh/20000822/MSFTLOGO
AP Archive: http://photoarchive.ap.org
PRN Photo Desk, photodesk@prnewswire.com
CONTACT:
press only, Rapid Response Team of Waggener
Edstrom Worldwide, +1-503-443-7070, or rrt@waggeneredstrom.com,
for Microsoft
NOTE TO EDITORS: If you are interested in viewing additional
information on Microsoft, please visit the Microsoft Web page at
http://www.microsoft.com/presspass on Microsoft's corporate
information pages. Web links, telephone numbers and titles were
correct at time of publication, but may since have changed. For
additional assistance, journalists and analysts may contact
Microsoft's Rapid Response Team or other appropriate contacts
listed at http://www.microsoft.com/presspass/contactpr.mspx.
|
