Keynote Address at RSA Conference Details Microsoft's Latest Efforts,
Including Technology Deliverables, Customer Guidance and Partnerships
With the Industry, to Help Secure Customers
SAN FRANCISCO, Feb. 15 /PRNewswire-FirstCall/ -- During his keynote
address at the annual RSA Conference today, Bill Gates, chairman and chief
software architect at Microsoft Corp. (Nasdaq: MSFT), announced continued
innovation and technology investments including future enhancements for safer
Web browsing, such as plans for a new version of Microsoft(R) Internet
Explorer for Windows XP Service Pack 2 customers; expanding anti-spyware
protection by including the Windows(R) AntiSpyware technology at no additional
charge as part of the Windows value proposition; edge protection technology
for businesses, notably the release to manufacturing of Microsoft Internet
Security & Acceleration (ISA) Server 2004 Enterprise Edition; and the need for
more robust anti-virus protections for collaboration and messaging,
demonstrated with Microsoft's intention to acquire Sybari Software Inc.
(Photo: http://www.newscom.com/cgi-bin/prnh/20000822/MSFTLOGO )
"Our primary goal is to improve security and safety for all our customers
-- consumers and businesses, regardless of size -- through a balance of
technology innovation, guidance and industry leadership," Gates said. "We're
committed to continued innovation that addresses the threats of today and
anticipates those that will undoubtedly emerge in the future."
Windows XP SP2 Gains Momentum; New Browser Planned
In August, Microsoft released Windows XP Service Pack 2 (SP2), which
included major security advancements. Windows XP SP2 includes significant
upgrades to Internet Explorer, incorporating a stronger security
infrastructure to help thwart malicious software attacks, block suspicious
content and eliminate many common spoofing attempts. Gates cited the fact that
there are now more than 170 million copies of Windows XP SP2 distributed
around the world, and highlighted a recent report from Web analytics firm
WebSideStory Inc. that shows almost half of all computer users browsing the
Web on weekends are better protected with Windows XP SP2. Businesses are also
embracing Windows XP SP2: Of 800 enterprise customers recently surveyed,
Microsoft has received commitments from 77 percent to deploy Windows XP SP2
over the next six months. For example, Merrill Lynch, a leading financial
management and advisory company, has committed to deploying Windows XP SP2
companywide -- across 50,000 desktops -- by the middle of the year.
"We're installing Windows XP SP2 companywide on over 50,000 desktops
because we recognize that its security enhancements are significant. As the
frequency of attacks against computer systems increases, it's becoming
critically important to have our systems protected against hackers, viruses
and other security risks," said Joseph Martella, director of End User
Computing, Product Engineering at Merrill Lynch.
Building on those advancements, Gates announced Internet Explorer 7.0,
designed to add new levels of security to Windows XP SP2 while maintaining the
level of extensibility and compatibility that customers have come to expect.
Internet Explorer 7.0 will also provide even stronger defenses against
phishing, malicious software and spyware. The beta release is scheduled to be
available this summer.
Addressing the Threat of Malware
Since December, Microsoft has rolled out new capabilities to assist
customers in combating malicious or unwanted software and removing it from
their machines, including the beta version of Windows AntiSpyware. Customers
have downloaded more than 6 million copies of Windows AntiSpyware since it
became available Jan. 6, 2005. Gates announced the company's plan for making
the personal version of the final Windows AntiSpyware software available at no
additional charge to licensed Windows customers as part of the Windows value
proposition. The offering will offer full functionality to consumers,
including the ability to detect and remove spyware, continual protection that
helps guard against more than 50 ways that Web sites and programs can put
spyware on a PC, and protection against the latest threats through the
combined efforts of the SpyNet(TM) community and Microsoft researchers. For
business customers, with more complex infrastructure support, management and
deployment needs, Microsoft plans a managed anti-spyware solution that will be
available as part of a paid solution.
"Customers are concerned about the risk malware poses to their personal
information, and frustrated by its impact on the reliability and performance
of their computers," Gates said. "We are responding by making security easier
and more cost-effective for Windows customers, helping to protect millions of
people who are vulnerable today."
Gates also discussed how Microsoft's security investments will help
business customers better protect their systems from constantly evolving
threats. Last month Microsoft began shipping a malicious software removal tool
on a regular, predictable basis as part of the company's monthly update cycle.
The tool, which detects and removes a range of the most prevalent threats
including the Netsky, Korgo and Zafi viruses, was rolled out Jan. 11, 2005,
and has been used on more than 133 million PCs worldwide.
Gates expanded on Microsoft's recently announced plans to acquire security
vendor Sybari Software Inc., which provides solutions to help protect
messaging and collaboration servers from malicious software. Gates noted that
when the acquisition is closed, Microsoft intends to ship a Microsoft engine,
based on the GeCAD technology acquired in 2003, as one of the multiple
scanning engines supported by Sybari's flagship Antigen software. Gates
further noted that the Microsoft engine would also be integrated into a broad
consumer offering by the end of this year.
Streamlining Software Updates
Gates highlighted Microsoft's efforts to promote the computing ecosystem
and infrastructure that allows customers to keep software current with the
latest security updates. As a result of these efforts, there was a 400 percent
increase in the number of PCs that are being automatically updated by
customers using Software Update Services and Windows Update in 2004.
To further simplify the update process, Gates announced that a beta
version of Microsoft Update, a unified update service for consumers and small
businesses that includes technologies such as Windows XP, Windows 2000,
Windows Server(TM) 2003, Office 2003 and Exchange Server 2003, is scheduled
for release in mid-March. Microsoft Update will consolidate the latest
security and reliability updates in one convenient location. In addition,
Gates confirmed that the final version of a complimentary service designed for
midsize and larger enterprises, Windows Update Services, will be available in
the first half of 2005. Windows Update Services will enable system
administrators to more quickly obtain updates for a wider array of Microsoft
applications and distribute them across their networks.
In addition, Gates announced that version 2.0 of the Microsoft Baseline
Security Analyzer (MBSA), a tool to help identify common security
misconfigurations, will be available in the same timeframe as Windows Update
Services, and will work seamlessly with Windows Update Services to provide
consistency in scanning and deployment.
Innovation to Better Protect Networks and Sensitive Information
As part of Microsoft's initiatives to better protect the edge of corporate
networks, Gates announced the release to manufacturing of the Enterprise
Edition of Microsoft Internet Security and Acceleration (ISA) Server 2004. ISA
Server 2004 Enterprise Edition is designed to help customers reduce risks and
security-related costs by helping protect key business scenarios in the
enterprise; features include more-secure remote access to essential
applications for employees and partners, security-enhanced connections for
branch offices to corporate headquarters, and better protections from
malicious Internet traffic. The Enterprise Edition of ISA delivers improved
manageability, scalability and availability.
Gates also restated Microsoft's long-term commitment to providing
customers with innovative solutions to help protect their sensitive
information from unauthorized use by announcing how Service Pack 1 for Windows
Rights Management Services (RMS) will enable new solutions for regulatory
compliance and records management. RMS SP1 will add the ability to deploy a
low-cost enterprise rights management solution without a network connection to
the Internet and without an operational dependency on an external entity such
as Microsoft, integration with smart-card technology for improved
authentication, and more-efficient management of group definitions through
stronger integrations with Active Directory(R) service.
Comprehensive Guidance, Training and Support
Gates stressed the important role developers play in overall IT security,
noting that a recent Microsoft study showed that 64 percent of developers are
not confident in their ability to write secure applications. To help address
that gap, he announced three worldwide initiatives:
-- A partnership with SPI Dynamics Inc., Fortify Software Inc., Mercury,
ISSA and others on the Secure Software Forum, aimed at bringing focus
to application security as a life-cycle and industrywide issue.
-- An effort to educate developers on threat modeling and how to write
more-secure code that is based on Microsoft's own Security Development
Lifecycle (SDL) program. The SDL has been Microsoft's approach to
enhancing its software development processes to better accommodate
security best practices. Microsoft has used the SDL on many products,
including Windows Server 2003, SQL Server(TM) 2000 SP3, Exchange Server
2003 SP1 and the upcoming release of Microsoft Exchange Server 2003 SP2
(due out in the second half of 2005) to measurably improve security.
The first Microsoft operating system that implemented large portions of
the SDL, Windows Server 2003, had 63 percent fewer security
vulnerabilities in its first year compared to Windows 2000 Server.
-- A worldwide Microsoft Most Valuable Professional (MVP) program, a
community of credible technology experts from around the world willing
to help others, is specifically targeted at helping developers who have
issues with securing applications. This outreach effort is designed to
educate the developer community about writing more-secure applications,
and to invite the developer community to help guide the direction of
Microsoft with product feedback and recommendations for application
security.
Microsoft has made significant advancements in the security guidance and
tools designed to reduce risks for customers. Over the past year, it has
provided security training to more than 750,000 IT professionals, developers
and partners around the world.
Partnering With the Industry, Government and Law Enforcement
Gates also described how Microsoft continues to partner with governments,
law enforcement agencies and industry partners worldwide to address the key
societal challenges of IT security. Microsoft actively supports domestic
policy initiatives that target criminal and dishonest behavior that
compromises the safety and privacy of online data. Microsoft also supports
international efforts to enhance the ability of law enforcement to catch and
punish online criminals who prey on consumers and businesses.
-- Microsoft's Internet Safety Enforcement team continues its
collaboration with other technology companies, law enforcement agencies
and state attorneys general to combat the proliferation of illegal
spam. Already in 2005, Microsoft helped the Texas attorney general
target the world's fourth-largest spammer, and partnered with
pharmaceutical industry leader Pfizer Inc. to bring lawsuits against
other global spam rings that engage in illegal practices.
-- To help parents and teachers improve children's safety online,
Microsoft has partnered with AMD, McAfee Inc., NetZero Inc., Cox
Communications Inc., Comcast Corp. and The Cybersmart Education Company
to introduce WebWatchers, an elementary school curriculum for safe
computing. Nearly 13,000 school districts across the United States
serving 4.6 million students have the opportunity to take advantage of
this program, which was released in early February.
-- Microsoft has funded and collaborated with Interpol and the
International Centre for Missing and Exploited Children to conduct six
four-day training sessions on computer-facilitated crimes against
children. The sessions have trained more than 570 officials from
67 countries worldwide in sessions hosted in Hong Kong; Zagreb,
Croatia; Lyon, France; Cape Town, South Africa; San Jose, Costa Rica;
and Bucharest, Romania.
"Security remains a top priority for Microsoft," Gates said. "Technology's
full potential can be realized only when customers are able to securely deploy
solutions, and the entire community works in partnership to foil attacks by
hackers and criminals."
More information about Microsoft's efforts around security can be found at
http://www.microsoft.com/security .
About Microsoft
Founded in 1975, Microsoft is the worldwide leader in software, services
and solutions that help people and businesses realize their full potential.
NOTE: Microsoft, Windows, Windows Server and Active Directory are either
registered trademarks or trademarks of Microsoft Corp. in the United States
and/or other countries.
The names of actual companies and products mentioned herein may be the
trademarks of their respective owners.
SOURCE Microsoft Corp.
back to top
