X

Ballmer: Raising Microsoft's security game

The CEO defends Microsoft's efforts to protect its software against attacks and says open-source rivals can't match the software giant on security.

Mike Ricciuti Staff writer, CNET News
Mike Ricciuti joined CNET in 1996. He is now CNET News' Boston-based executive editor and east coast bureau chief, serving as department editor for business technology and software covered by CNET News, Reviews, and Download.com. E-mail Mike.
See full bio
Mike Ricciuti
4 min read
ORLANDO, Fla.--Microsoft CEO Steve Ballmer on Tuesday defended his company's efforts to secure its software and fend off open-source rivals.

Ballmer, speaking here at an industry conference market research firm Gartner sponsored, acknowledged that the software maker has been late to introduce better ways for its customers to patch their systems but said Microsoft is now making strides. "I know we need to do better, but we are in this challenging position where the hacker only needs to find one vulnerability, and we need to keep them out," he said.

News.context

What's new:
CEO Steve Ballmer reiterates Microsoft's "top priority" efforts to make its software more secure, and he continues the company's campaign against open source.

Bottom line:
Despite its recent efforts, Microsoft still needs to do more to ensure antsy customers about the security of its products. It's also out to prove that proprietary software adheres to higher standards than Linux and other open-source software.

For more info:
Track the players

"We have put a lot of energy into patching, later than we should have," he said. "We have been raising our game."

Ballmer also said increasing the quality and security of the company's software is vital to retaining customer confidence. Microsoft is in the midst of a nearly 2-year-old plan, called Trustworthy Computing, to better secure its systems.

Critics say the plan has been slow to take effect. And that's no small matter, according to researchers who have been pointing to the dangers of overreliance on Microsoft software, especially the Windows operating system.

"We rarely fail at something that is our top priority, and this is absolutely our top priority," he said. "It's hard. It's not like horseshoes--we can't just come close. We have our best brains on it. The issue of customer satisfaction can slow down progress for the whole industry and can help us differentiate ourselves from the competition. It's a defining-moment issue for us."

Ballmer said the mechanism for applying patches to the company's Windows operating system and related application "needs to be more predictable, with one simple installation, (with) rollback and management tools." Microsoft earlier this month said it will focus on adding new security technologies to its products and improving its process for releasing patches.

Click here to Play

New security hurdles must be addressed to prevent cyberattacks
Top security experts take Digital Defense Test 2003

The Microsoft chief executive also contrasted the quality of software that's produced by commercial makers to that of software that's developed under the open-source model. "Should there be a reason to believe that code that comes from a variety of people around the world would be higher-quality than from people who do it professionally? Why is its pedigree better than code done in a controlled fashion? I don't get that," he said.

"There is no road map for Linux, nobody who has his rear end on the line. We think it's an advantage a commercial company can bring--we provide a road map, indemnify customers. They know where to send e-mail. None of that is true in the other world. So far, I think our model works pretty well," Ballmer said.

In response to a question about whether Microsoft plans a version of Office for the Linux operating system, Ballmer said no, but "never say never. But we have no current plans and don't see that as an interesting opportunity."

"There is no road map for Linux, nobody who has his rear end on the line."
--Steve Ballmer, CEO, Microsoft
Ballmer said the market for Linux on client systems is still small. "It's smaller than the market for the Mac. The Mac is a nice, small business for Microsoft. But it is a small business. If someone says you have an opportunity to support a new platform that's less popular than the Mac, I'm not sure that is a good starting point," he said.

"People aren't used to paying for software on Linux. This isn't about religion, it's about business. We need to figure out what they need to get done and what they will pay for," Ballmer said.

Ballmer also disputed the notion that open-source code is more secure than Windows. "The data doesn't jibe with that. In the first 150 days after the release of Windows 2000, there were 17 critical vulnerabilities. For Windows Server 2003 there were four. For Red Hat (Linux) 6, they were five to ten times higher," he said.

Audiocast
arrow Ballmer defends
Trustworthy
Computing initiative
play audio
"The vulnerabilities are there. The fact that someone in China in the middle of the night patched it--there is nothing that says integrity will come out of that process. We have a process that will lead to sustainable level of quality. Not saying we are the cat's meow here--I'm saying it is absolutely not good reasoning to think you will get better quality out of Linux. "

In the area of software management, Ballmer said Microsoft is working on new tools to "manage systems at a reasonable cost. That has not been our historical strength."

Microsoft earlier this month said it is working on new management tools, including its first Web services management software.