By David Becker, 1 April 2004 09:05
NEWS Microsoft has made significant progress in making its software more secure, and further improvements are on the way, according to Bill Gates who addressed these issues in a letter to customers.
Gates wrote: "Given human nature, evolving threat models and the increasing interconnectedness of computers, the number of security exploits will never reach zero. But we can dramatically blunt the impact of cybercriminals and are dedicating a major portion of our R&D investments to security advances."
Gates said the effectiveness of new security measures adopted as part of Microsoft's "trustworthy computing" initiative is borne out by numbers. The number of "critical" and "important" security bulletins issued in the first 320 days of availability for Windows Server 2003 was nine, he wrote, compared with 40 in the same period for Windows 2000 Server, the previous version of the server operating system. SQL 2000 generated three such bulletins in the 15 months after the release of Service Pack 3, a collection of bug fixes and updates, compared with 13 in the 15 months before the Service Pack release.
On the desktop, major security improvements will be made to Windows XP with the upcoming release of Service Pack 2, including default use of Windows' built-in firewall and memory management technology to limit exploitation of buffer overflows - a common avenue for virus attacks.
Microsoft has also improved the delivery of software patches with the new Windows Update Services and System Management Server 2003, a collection of tools designed to let information technology managers quickly test and deploy updates.
Areas Microsoft is researching, Gates wrote, include "active protection technologies" that would let computers respond more intelligently to potential threats. A laptop could automatically employ stronger security settings when connected to a home Internet connection than a corporate network, for example, or when software hasn't been updated for a long time.
Microsoft is also working on "client inspection" tools that would automatically examine remote PCs for viruses and worms before allowing them to connect to a corporate network, plus improved user authentication systems based on smart cards and biometrics.
David Becker writes for News.com
Comments
There are 4 comments. Join the discussion
1. Brian Chappell
A company globally condemned for anti-competitive activities, with a history of security flaws and failures to act promptly to them, declares that it's own products are more secure than any other product (and we know who they are talking about don't we Linus).
You excuse me for being a little sceptical, after all, given the security holes found in Microsoft's systems how can we be sure that this statement came from Bill Gates at all?
All in all it's a little like Ratner saying that their jewellery is better quality than anyone else. When the rest of the industry acknowledges the improvement through independent testing (and no Bill, that doesn't mean you commissioning an external agency) then I'll begin to believe it. Until that time, I'll continue to assume that any of my Microsoft systems are open books to the world.
2. anonymous
Does Gates think we are all dumb and gullible?
He may be able to convince the sheep that he employs to believe him. But come on MS. When are you going to stop peddling your BS!
I can't believe the media actually help to perpetuate this crap!
3. anonymous
The "client-inspection" tools sound interesting. Presumably as well as refusing any client infected with worms and viruses, it will also refuse clients which are not running a Microsoft OS, or which do not show a valid OS activation code.
4. Pete Scott
This is clearly a new meaning of the phrase "more secure" I have not come across yet. Just to be clear, Mr Gates is going to open a back door on my PC just so a server can "inspect" my PC. Perhaps this is just me being naive, but I bet the hackers cannot wait for this to be opened up.