Internet both safer and more dangerous
Internet both safer and more dangerous
6:39

Internet both safer and more dangerous

Tech Industry
>> Ina Fried: I'm Ina Fried with CNET News. I'm here with Scott Charney, a Corporate Vice President in Microsoft's Trustworthy Computing Unit: its security group. Scott spoke earlier this week at the RSA Security Conference here in San Francisco. Scott, thanks for taking the time. >> Scott Charney: Thanks for having me. >> Ina Fried: I'm curious I guess, just to start it off -- I mean we hear a lot about security on the internet. We always hear about it. Is the internet getting fundamentally safer or a more dangerous place? >> Scott Charney: Well actually a little of each. I mean as new security technologies have come to the fore, many people engage in millions of transactions everyday without any problem at all. But there is still a sense that it is not safe enough. It was not built for the uses that we currently use it for: all these commercial transactions. As we move to cloud computing there will be more and more personal information online. I think most people want the internet to be safer. They want to worry less about things like phishing and identity theft. And there are a lot of companies and governments worried about losing proprietary information on the internet. >> Ina Fried: For the last couple years we've been hearing about threats getting more targeted, less of these widespread, more targeted at money as well and less at notoriety. But we are again hearing about sort of these widespread attacks you know with Conflicker and so forth. Why are we still dealing with these widespread type of exploits? >> Scott Charney: Well some of those widespread exploits take advantage of older platforms. So for example when the industry got very serious about security in the post 9/11 world, we built a lot of technologies into the Windows platform for example to make it safer. We turned on the firewall by default and we did address space layer randomization which sounds very technical, but essentially it forces malware to misfire. And therefore people running Vista for example were not affected by Conflicker in the same way. The challenges that people run all the versions of the operating system that were built before we had this focus on security. >> Ina Fried: One of the things which you've been talking about recently which is somewhat unusual to hear from a Microsoft executive is actually the importance of hardware in creating a more secure overall ecosystem. Why is it important to have security features built into the hardware? >> Scott Charney: In a nutshell, software is malleable and hardware is harder to tamper with. And ultimately you want to know that everything that's running on your machine goes down to some fundamental root of trust and that needs to be in the hardware. So we're big fans of what's called the trusted platform modular TPM. And we think putting more security in the hardware - not just in the TPM - but smart cards or dongles, other physical pieces of hardware that you have is a good thing to do. >> Ina Fried: How has Microsoft security strategy changed more in recent years? Obviously people remember you know the days of Bill's Trustworthy Computing Memo and you know when Microsoft stopped everything to work on security, but we haven't heard as much in recent years about really "What is the crux of where Microsoft's putting its energy in terms of security?" >> Scott Charney: So in the early years we picked a lot of low hanging fruit. We changed the way we developed products and we built tools to get rid of things that were commonly exploited such as buffer overruns. As we've done that though the criminal population has become more sophisticated and more targeted in their attacks. So a year ago I wrote a paper called "Establishing End to End Trust." And what we're really focused on is building a trusted stack [assumed spelling] - that is the hardware operating systems application, data and people - should all be verified in the right circumstances so that you know what's running on your machine and who you're dealing with. And we have to do that in a way that also preserves anonymity, free speech and other democratic values. So the real key is giving users control over their environment so they have the ability to share information about themselves or verify who they're dealing with when they want to, but be anonymous in other circumstances. >> Ina Fried: On the consumer side, one of the changes that Microsoft's making is for awhile now you guys had been in the consumer antivirus space with Windows Live OneCare: a paid product. You guys said we're going to discontinue that product. We're going to offer a more basic free product. What significance do you think that will have for the overall security landscape and where are things as far as that product which is code named Morrow [assumed spelling]? >> Scott Charney: Yeah that product is still in development. I'm optimistic that it is the right thing to do for security because we've found that still a lot of consumers weren't running basic antivirus software. And for it to be really effective, the broadest possible distribution is necessary so I think that giving it away to your consumers so that they can run it for free is the right thing to do. >> Ina Fried: And what about on the enterprise side? It seems like a lot of things are moving to the hosted realm. You guys recently offered a hosted security product. You know does Cloud computing and the switch to more services, does that make things again more secure, less secure or a combination of the two? >> Scott Charney: I think that this computing model's going to change somewhat dramatically. In Windows 7, we have something called direct access which is really a pure to pure model for the enterprise. And it's good because it relies on IPV 6 which is more robust than IPV 4 and it also uses IPsec so you're encrypted end to end. And there are other things that we enforce when we use direct access at Microsoft like two-factor log on to the desktop. So I think the network model is changing. It's becoming more information centric and overall it creates a better security model. >> Ina Fried: For all the time and energy that you and other folks at Microsoft put into security you know still when people think about computer security attacks, often times Microsoft is what comes to mind. Your rivals Apple and so forth get kind of a free pass when it comes to security. Is that something that's frustrating to you as someone who spends all their time working on security that Microsoft doesn't get more credit in this area? >> Scott Charney: Well actually I think we're getting a lot of credit today but we are ubiquitous. We have a large amount of market share. People are very familiar with Microsoft products and therefore we've always been a target for the hacker community. In some odd way that causes us to be even better, but I think we are getting credit. When I joined Microsoft in 2002, Microsoft did not have any reputation for making secure products. And now you see many people including other large companies, saying that our security development life cycle is really a great model and they give us credit publicly. So I think we've made huge advances but because we have such large market share, we are going to be the target of attacks and we just need to be better. >> Ina Fried: Thanks Scott. I've been speaking with Scott Charney, Microsoft's Corporate VP for the Trustworthy Computing Unit. He spoke earlier this week at RSA. For CNET News, I'm Ina Fried.

Up Next

What Google Gemini AI on the iPhone Could Look Like
240321-site-apple-and-gemini-ai

Up Next

What Google Gemini AI on the iPhone Could Look Like

Microsoft Surface Pro 10, Surface Laptop 6 Are Here
240320-site-microsoft-surface-pros-first-look-v2

Microsoft Surface Pro 10, Surface Laptop 6 Are Here

Everything Just Announced at Google's AI Health Event
sc-googlehealthai-00-02-29-25-still001

Everything Just Announced at Google's AI Health Event

Everything Just Revealed at Nvidia's GTC AI Conference
nvidiastill

Everything Just Revealed at Nvidia's GTC AI Conference

Nvidia Reveals Omniverse Cloud Streams to the Vision Pro
nvidia-vision-pro-image

Nvidia Reveals Omniverse Cloud Streams to the Vision Pro

Nvidia Shows Project GROOT and Disney Bots at GTC Conference
robot-2

Nvidia Shows Project GROOT and Disney Bots at GTC Conference

Expert vs. AI: Is Now the Time to Buy an EV?
gettyimages-1178244881

Expert vs. AI: Is Now the Time to Buy an EV?

Apple Has Big Ideas for a Smart Ring
240314-yt-omt-apple-ring-v4

Apple Has Big Ideas for a Smart Ring

SpaceX's Starship 3rd Flight Attempt (Supercut)
spacexstarshiptestflight1

SpaceX's Starship 3rd Flight Attempt (Supercut)

Apple Has Big AI Plans for Mac — and iPhone, Too
240307-yt-omt-ai-siri-v03

Apple Has Big AI Plans for Mac — and iPhone, Too

Tech Shows

The Apple Core
apple-core-w

The Apple Core

Alphabet City
alphabet-city-w

Alphabet City

CNET Top 5
cnet-top-5-w

CNET Top 5

The Daily Charge
dc-site-1color-logo.png

The Daily Charge

What the Future
what-the-future-w

What the Future

Tech Today
tech-today-w

Tech Today

Latest News All latest news

Apple and Meta Are Competing for Your Memories
screenshot-2024-03-22-at-17-41-16.png

Apple and Meta Are Competing for Your Memories

Nvidia's Project GR00T vs. Tesla Optimus: Competing Robot Strategies
240321-site-nvidia-project-groot-vs-tesla-optimus-v1

Nvidia's Project GR00T vs. Tesla Optimus: Competing Robot Strategies

What Google Gemini AI on the iPhone Could Look Like
240321-site-apple-and-gemini-ai

What Google Gemini AI on the iPhone Could Look Like

DOJ Sues Apple: Everything to Know About the Antitrust Suit
240321-site-doj-sues-apple-for-antitrust-on-iphone-v2

DOJ Sues Apple: Everything to Know About the Antitrust Suit

Microsoft Surface Pro 10, Surface Laptop 6 Are Here
240320-site-microsoft-surface-pros-first-look-v2

Microsoft Surface Pro 10, Surface Laptop 6 Are Here

Everything Announced at Microsoft Copilot and Surface Event
yt-microsoftai-supercut-clean

Everything Announced at Microsoft Copilot and Surface Event

Most Popular All most popular

First Look at TSA's Self-Screening Tech (in VR!)
innovation

First Look at TSA's Self-Screening Tech (in VR!)

Samsung Galaxy S24 Ultra Review: More AI at a Higher Cost
240123-site-samsung-galaxy-s24-ultra-review-4

Samsung Galaxy S24 Ultra Review: More AI at a Higher Cost

'Circle to Search' Lets Users Google From Any Screen
circlesearchpic

'Circle to Search' Lets Users Google From Any Screen

Asus Put Two 14-inch OLEDs in a Laptop, Unleashes First OLED ROG Gaming Laptop
asus-preces-00-00-25-11-still003

Asus Put Two 14-inch OLEDs in a Laptop, Unleashes First OLED ROG Gaming Laptop

Samsung Galaxy Ring: First Impressions
samsung-galaxy-ring-clean

Samsung Galaxy Ring: First Impressions

Best of Show: The Coolest Gadgets of CES 2024
240111-site-best-of-ces-2024-1

Best of Show: The Coolest Gadgets of CES 2024

Latest Products All latest products

Nuro R3 is an Adorable Self-Driving Snack Bar
240320-site-nuro-r3-first-look-v1

Nuro R3 is an Adorable Self-Driving Snack Bar

First Look: The $349 Nothing Phone 2A Aims to Brighten Your Day
240304-site-nothing-phone-2-first-look-v3

First Look: The $349 Nothing Phone 2A Aims to Brighten Your Day

Best of MWC 2024: Bendable Screens, AI Wearables and More
240229-site-best-of-show-at-mwc

Best of MWC 2024: Bendable Screens, AI Wearables and More

This Concept Laptop from Lenovo Has a Transparent Display
240225-site-lenovo-translucent-laptop-concept-v3

This Concept Laptop from Lenovo Has a Transparent Display

Motorola's Rollable Concept Phone Wraps on Your Wrist
240225-site-motorola-rollable-concept

Motorola's Rollable Concept Phone Wraps on Your Wrist

See Adobe Lightroom on the Apple Vision Pro
adobe-lightroom-00-02-58-03-still006-1

See Adobe Lightroom on the Apple Vision Pro

Latest How To All how to videos

Windows 11 Tips and Hidden Features
240311-site-windows-11-hidden-tips-and-tricks-v2

Windows 11 Tips and Hidden Features

Vision Pro App Walkthrough -- VisionOS 1.0.3
VisionOS 1.0.3

Vision Pro App Walkthrough -- VisionOS 1.0.3

Tips and Tricks for the Galaxy S24 Ultra
240216-site-galaxy-s24-ultra-tips-and-hidden-features-2

Tips and Tricks for the Galaxy S24 Ultra

TikTok Is Now on the Apple Vision Pro
tiktok-on-vision-pro-clean

TikTok Is Now on the Apple Vision Pro

Get Your TV Ready for the Big Game: Super Bowl Setup Tips
superbowl-tv-settings-thumb1

Get Your TV Ready for the Big Game: Super Bowl Setup Tips

How to Use a Quest 3 Like the Vision Pro
240202-site-spatial-computing-on-meta-quest-3

How to Use a Quest 3 Like the Vision Pro