This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

CNET News Video: Internet both safer and more dangerous

About Video Transcript

CNET News Video: Internet both safer and more dangerous

6:39 /

In an interview, Microsoft security executive Scott Charney tells CNET News' Ina Fried about the latest threats as well as new ways that Microsoft is trying to thwart the hackers.

>> Ina Fried: I'm Ina Fried with CNET News. I'm here with Scott Charney, a Corporate Vice President in Microsoft's Trustworthy Computing Unit: its security group. Scott spoke earlier this week at the RSA Security Conference here in San Francisco. Scott, thanks for taking the time. >> Scott Charney: Thanks for having me. >> Ina Fried: I'm curious I guess, just to start it off -- I mean we hear a lot about security on the internet. We always hear about it. Is the internet getting fundamentally safer or a more dangerous place? >> Scott Charney: Well actually a little of each. I mean as new security technologies have come to the fore, many people engage in millions of transactions everyday without any problem at all. But there is still a sense that it is not safe enough. It was not built for the uses that we currently use it for: all these commercial transactions. As we move to cloud computing there will be more and more personal information online. I think most people want the internet to be safer. They want to worry less about things like phishing and identity theft. And there are a lot of companies and governments worried about losing proprietary information on the internet. >> Ina Fried: For the last couple years we've been hearing about threats getting more targeted, less of these widespread, more targeted at money as well and less at notoriety. But we are again hearing about sort of these widespread attacks you know with Conflicker and so forth. Why are we still dealing with these widespread type of exploits? >> Scott Charney: Well some of those widespread exploits take advantage of older platforms. So for example when the industry got very serious about security in the post 9/11 world, we built a lot of technologies into the Windows platform for example to make it safer. We turned on the firewall by default and we did address space layer randomization which sounds very technical, but essentially it forces malware to misfire. And therefore people running Vista for example were not affected by Conflicker in the same way. The challenges that people run all the versions of the operating system that were built before we had this focus on security. >> Ina Fried: One of the things which you've been talking about recently which is somewhat unusual to hear from a Microsoft executive is actually the importance of hardware in creating a more secure overall ecosystem. Why is it important to have security features built into the hardware? >> Scott Charney: In a nutshell, software is malleable and hardware is harder to tamper with. And ultimately you want to know that everything that's running on your machine goes down to some fundamental root of trust and that needs to be in the hardware. So we're big fans of what's called the trusted platform modular TPM. And we think putting more security in the hardware - not just in the TPM - but smart cards or dongles, other physical pieces of hardware that you have is a good thing to do. >> Ina Fried: How has Microsoft security strategy changed more in recent years? Obviously people remember you know the days of Bill's Trustworthy Computing Memo and you know when Microsoft stopped everything to work on security, but we haven't heard as much in recent years about really "What is the crux of where Microsoft's putting its energy in terms of security?" >> Scott Charney: So in the early years we picked a lot of low hanging fruit. We changed the way we developed products and we built tools to get rid of things that were commonly exploited such as buffer overruns. As we've done that though the criminal population has become more sophisticated and more targeted in their attacks. So a year ago I wrote a paper called "Establishing End to End Trust." And what we're really focused on is building a trusted stack [assumed spelling] - that is the hardware operating systems application, data and people - should all be verified in the right circumstances so that you know what's running on your machine and who you're dealing with. And we have to do that in a way that also preserves anonymity, free speech and other democratic values. So the real key is giving users control over their environment so they have the ability to share information about themselves or verify who they're dealing with when they want to, but be anonymous in other circumstances. >> Ina Fried: On the consumer side, one of the changes that Microsoft's making is for awhile now you guys had been in the consumer antivirus space with Windows Live OneCare: a paid product. You guys said we're going to discontinue that product. We're going to offer a more basic free product. What significance do you think that will have for the overall security landscape and where are things as far as that product which is code named Morrow [assumed spelling]? >> Scott Charney: Yeah that product is still in development. I'm optimistic that it is the right thing to do for security because we've found that still a lot of consumers weren't running basic antivirus software. And for it to be really effective, the broadest possible distribution is necessary so I think that giving it away to your consumers so that they can run it for free is the right thing to do. >> Ina Fried: And what about on the enterprise side? It seems like a lot of things are moving to the hosted realm. You guys recently offered a hosted security product. You know does Cloud computing and the switch to more services, does that make things again more secure, less secure or a combination of the two? >> Scott Charney: I think that this computing model's going to change somewhat dramatically. In Windows 7, we have something called direct access which is really a pure to pure model for the enterprise. And it's good because it relies on IPV 6 which is more robust than IPV 4 and it also uses IPsec so you're encrypted end to end. And there are other things that we enforce when we use direct access at Microsoft like two-factor log on to the desktop. So I think the network model is changing. It's becoming more information centric and overall it creates a better security model. >> Ina Fried: For all the time and energy that you and other folks at Microsoft put into security you know still when people think about computer security attacks, often times Microsoft is what comes to mind. Your rivals Apple and so forth get kind of a free pass when it comes to security. Is that something that's frustrating to you as someone who spends all their time working on security that Microsoft doesn't get more credit in this area? >> Scott Charney: Well actually I think we're getting a lot of credit today but we are ubiquitous. We have a large amount of market share. People are very familiar with Microsoft products and therefore we've always been a target for the hacker community. In some odd way that causes us to be even better, but I think we are getting credit. When I joined Microsoft in 2002, Microsoft did not have any reputation for making secure products. And now you see many people including other large companies, saying that our security development life cycle is really a great model and they give us credit publicly. So I think we've made huge advances but because we have such large market share, we are going to be the target of attacks and we just need to be better. >> Ina Fried: Thanks Scott. I've been speaking with Scott Charney, Microsoft's Corporate VP for the Trustworthy Computing Unit. He spoke earlier this week at RSA. For CNET News, I'm Ina Fried.

New releases

Philips adds a 75W Replacement SlimStyle LED to its lighting lineup
2:17 November 22, 2014
This bigger, brighter version of the original SlimStyle LED looks like a strong value in its class
Play video
2015 Acura TLX V-6 Advance (CNET On Cars, Episode 54)
16:28 November 21, 2014
Acura hopes the TLX is what it will drive into the future, we explore the head-up display coming to your car soon, and check out the...
Play video
Los Angeles Auto Show 2014: CNET's editors choose their favorites
5:55 November 21, 2014
The press days are over here at the 2014 Los Angeles Auto Show. Before we head off into the Hollywood hills we took a moment to re-cap...
Play video
Watch Tony Hawk do endless 360s on a hoverboard, Ep. 184
5:36 November 21, 2014
This week on Crave, we can see sound waves. We might get to see an unexplored part of the moon. But most of all we get to see Tony...
Play video
The $199 HP Stream 11 wants to be as cloud-friendly as a Chromebook, but with Windows 8
2:18 November 21, 2014
If you keep expectations in check, this bargain-basement Windows 8 laptop has good battery life and a decent design.
Play video
Yamaha SRT-1000 gives good single-speaker surround
1:44 November 21, 2014
The Yamaha SRT-1000 sound base offers discrete looks, an astoundingly wide soundstage and plenty of features in a package that is still...
Play video
Hate ads? Pay Google to block them for you
2:50 November 21, 2014
Google is testing an ad-blocker service, Amazon may be inserting ads into streaming video, and Comcast lets you track the cable gu...
Play video
The 404 Show 1,584: Google Contributor, JFK has a drone problem, San Francisco's poo map (podcast)
30:08 November 21, 2014
We're back in the studio today! Join us for a very special episode complete with a full tour and the start of our Call of Duty: Advanced...
Play video