Outlines Holistic Approach to Combat Security Threats Based on a Combination
Of Increased Resiliency and Industry Cooperation
SAN FRANCISCO, Feb. 24 /PRNewswire-FirstCall/ -- Microsoft Corp.
(Nasdaq: MSFT) Chairman and Chief Software Architect Bill Gates today outlined
innovative technology investments and industry cooperation to help address the
needs of businesses and individuals in the face of the threat posed by
malicious software code. During his keynote address at the RSA Conference
2004, Gates demonstrated new and emerging technologies designed to help
improve security of IT systems and build resiliency into desktop and server
systems.
(Photo: NewsCom: http://www.newscom.com/cgi-bin/prnh/20000822/MSFTLOGO )
"The industry is facing an increasingly complex and sophisticated security
landscape," Gates said. "Security advancements outlined today, as well as
industry collaboration and innovations in security technology for the future,
will play a key role in providing users with a safer and more seamless
computing experience."
Highlights of the keynote include the following:
-- The announcement that Microsoft is investing in the development of
security technologies to extend integrated protection to PCs, to make
them more resilient in the presence of worms and viruses
-- Gates demonstrating, for the first time, upcoming security enhancements
in Windows(R) XP Service Pack 2 including Windows Firewall, Windows
Security Center and browsing enhancements in Internet Explorer
-- An outline of Microsoft's technological approach for reducing spam,
including its Coordinated Spam Reduction Initiative (CSRI) and
technical specifications for the establishment of caller ID-like
functionality for e-mail to help prevent domain spoofing
-- The announcement of Exchange Edge Services, a milestone in the
development of next-generation Microsoft(R) Exchange Server e-mail
protection and security technologies to better protect users' systems
from viruses and junk e-mail
In addition, Gates announced new and expanded industry alliances:
-- Five new members -- F-Secure Corp., Global Hauri, Norman, Panda
Software and Sophos Plc -- have joined the Virus Information Alliance
(VIA), a centralized resource formed in May 2003 to help Internet users
find information about the latest virus threats affecting Microsoft
technology. The alliance, whose members now include 10 leading
anti-virus vendors and Microsoft, offers recommended best practices for
helping protect against malicious attacks, information about specific
viruses and worms, how-to articles, and links to other anti-virus
resources through a TechNet Web page at
http://www.microsoft.com/technet/security/virus/default.asp.
-- The Global Infrastructure Alliance for Internet Safety (GIAIS), an
alliance with leading Internet service providers (ISPs) worldwide
including BT, Chunghwa Telecom, Cox Communications, EarthLink, KT
(Korea Telecom), MSN(R), NTT Communications, Planet Internet, Shaw
Communications, TDC, T-Online, TeliaSonera, Tiscali SpA, United Online,
Wanadoo and Xtra (Telecom New Zealand), was formed to drive a more
secure Internet environment for consumers by educating and protecting
them against the threat of malicious code attacks.
Investments in Security Technology
In his keynote address, Gates described an increasingly sophisticated
security landscape in which worms and viruses unleashed by criminals represent
multifaceted threats. In response to this evolving security landscape, Gates
discussed how Microsoft is taking steps toward making computers more resilient
in the presence of worms and viruses, enabling customers to communicate and
collaborate in a more secure manner. Microsoft is focusing on the development
of technologies designed to make this vision a reality and extend protection
to PCs themselves.
"No single technology can adequately protect against the many different
kinds of attacks that computers face," Gates said. "Resiliency can only be
achieved with a combination of security technologies designed to combat the
sophisticated threat from worms and viruses."
This approach begins with Windows XP Service Pack 2 (SP2), currently in
beta release. In his keynote address, Gates demonstrated new enhancements to
Windows XP, including the new Windows Security Center, which will enable users
to automatically check the status of essential security features, such as
firewall, automatic update and anti-virus functionality. When a problem is
detected, customers will receive a notification and recommended steps to help
them improve security.
Microsoft is working closely with PC manufacturers to deliver Windows XP
SP2 to customers. "HP remains committed to providing security solutions to
businesses, small companies and consumers that help protect them from both
known and unknown threats. Our strategy has been, and continues to be, to make
security a built-in piece of everything we provide, not a bolt-on," said Jim
McDonnell, vice president of worldwide marketing at HP. "As part of that
commitment, HP is pleased to bring our customers these additional security
enhancements through Microsoft Windows XP SP2."
"Dell is committed to providing customers with technology products that
enable a high level of security, and welcomes the security enhancements that
Windows XP SP2 will provide to an overall security framework," said Jim
Totton, vice president of software for the Product Group at Dell. "Through our
relationship with Microsoft, we are able to provide development input to
address the security requirements of our global customers. We support
Microsoft in its commitment to help customers protect their IT assets and
minimize risk."
Over time, Microsoft envisions that active protection technologies will be
designed to run on Windows-based computers in a network -- servers, desktops
and laptops -- and will have the following capabilities:
-- Dynamic system protection to proactively adjust defenses on each
computer based on changes in state, reducing the likelihood of a
successful attack
-- Behavioral blocking to limit the ability of worms and viruses to cause
damage once on a computer, helping contain attacks and acting as a last
line of defense
-- Application-aware firewall and intrusion prevention to identify
malicious traffic and stop it, helping prevent infection
Gates emphasized that these development investments are only the
beginning, and that people can expect to see these technologies used more
broadly in the future.
Extending Security Training to Developers
To help developers take advantage of the new security features in Windows
XP SP2, Microsoft is providing free interactive online training and other
technical resources on the MSDN(R) Web site (http://msdn.microsoft.com/ ).
Developers will have access to advanced new tools designed to simplify the
process of creating more secure applications. For example, "Whidbey," code
name for the upcoming release of Visual Studio(R), and the Microsoft .NET
Framework will contain software-based tools developed by Microsoft Research
designed to provide static defect prevention and detection and mitigation
capabilities for managed and unmanaged code, enabling developers to build
more-secure applications.
Helping Protect Customers Against the Threat of Spam
Gates also announced a detailed vision and proposal on what technology can
do to help decrease spam, including outlining Microsoft's Coordinated Spam
Reduction Initiative (CSRI) and technical specifications for the Caller ID for
E-Mail feature. CSRI is Microsoft's long-range technological plan for
dramatically reducing spam by establishing verifiable identity in e-mail
through a caller-ID-like approach, setting reasonable behavior policies for
high-volume e-mail senders, and creating viable identification alternatives
for smaller-scale e-mail senders.
Gates noted that Microsoft is moving ahead with plans for a pilot
implementation of Caller ID for E-Mail in its Hotmail(R) service. In addition,
the company continues to work with other organizations, including Amazon.com
and Brightmail Inc., to help test this proposal.
IT Systems Security
Gates announced that Microsoft will be delivering Exchange Edge Services,
an enhancement to the SMTP relay implementation in Exchange 2003. With
Exchange Edge Services, Microsoft will provide an enhanced set of services
aimed at enabling customers to better protect their e-mail system from junk
e-mail and viruses as well as improve the efficiency of handling and routing
Internet e-mail traffic.
A priority of Exchange Edge Services is to provide a solid, extensible
infrastructure that industry partners can use to deliver innovative and robust
solutions to help address customer needs for improved e-mail security and
hygiene at the network boundary. Exchange Edge Services will provide a new way
to extend Windows-based infrastructure and can serve as an alternative to the
complicated legacy systems used to protect the e-mail perimeter today.
Enabling Trust Scenarios
Gates discussed Microsoft's work to extend security technologies,
demonstrating a technology created by Microsoft Research called the Microsoft
Tamper Resistant Biometric ID Card, a cryptographically tamper-resistant
identification card that can be easily deployed using simple, low-cost
hardware and regular paper.
Gates also highlighted the availability of the Security Scenarios Working
Group draft for public review. The Security Scenarios document, which was
developed by the Web Services Interoperability Organization (WS-I) Security
Profile Working Group, identifies security challenges and threats in building
interoperable Web services and proposes countermeasures for these risks. In
addition, Gates noted that Microsoft has successfully completed U.S. Federal
Bridge Certification Authority (FBCA) interoperability testing with the
Windows Server(TM) 2003 Enterprise Edition platform and is pleased to announce
its availability to customers that want to participate in the FBCA
architecture. This is an especially notable event for Microsoft, U.S. federal
agencies and customers around the world, because it demonstrates Microsoft's
commitment to interoperability in heterogeneous environments as well as its
determination to develop a security platform for high-assurance applications
and services.
Gates concluded his keynote address by reiterating Microsoft's commitment
to helping improve security in computing with a multipronged strategy that
spans technology and social aspects such as education and raising awareness,
noting Microsoft's focus on quality, innovation and partnership.
About Microsoft
Founded in 1975, Microsoft is the worldwide leader in software, services
and Internet technologies for personal and business computing. The company
offers a wide range of products and services designed to empower people
through great software -- any time, any place and on any device.
NOTE: Microsoft, Windows, MSN, MSDN, Visual Studio, Hotmail and Windows
Server are either registered trademarks or trademarks of Microsoft Corp. in
the United States and/or other countries.
The names of actual companies and products mentioned herein may be the
trademarks of their respective owners.
SOURCE Microsoft Corp.
 back to top
Related links:
http://www.microsoft.com
Photo Notes:
NewsCom:
http://www.newscom.com/cgi-bin/prnh/20000822/MSFTLOGO
AP Archive: http://photoarchive.ap.org
PRN Photo Desk, photodesk@prnewswire.com
CONTACT:
Rapid Response Team of Waggener Edstrom,
+1-503-443-7070, or rrt@wagged.com, for Microsoft Corp.
NOTE TO EDITORS: If you are interested in viewing additional
information on Microsoft, please visit the Microsoft Web page at
http://www.microsoft.com/presspass/ on Microsoft's corporate
information pages. Web links, telephone numbers and titles were
correct at time of publication, but may since have changed. For
additional assistance, journalists and analysts may contact
Microsoft's Rapid Response Team or other appropriate contacts
listed at http://www.microsoft.com/presspass/contactpr.asp
|
