
CNET News Video: Internet both safer and more dangerous


In an interview, Microsoft security executive Scott Charney tells CNET News' Ina Fried about the latest threats as well as new ways that Microsoft is trying to thwart the hackers.

>> Ina Fried: I'm Ina Fried with CNET News. I'm here with Scott Charney, a Corporate Vice President in Microsoft's Trustworthy Computing Unit: its security group. Scott spoke earlier this week at the RSA Security Conference here in San Francisco. Scott, thanks for taking the time.

>> Scott Charney: Thanks for having me.

>> Ina Fried: I'm curious I guess, just to start it off -- I mean we hear a lot about security on the internet. We always hear about it. Is the internet getting fundamentally safer or a more dangerous place?

>> Scott Charney: Well actually a little of each. I mean as new security technologies have come to the fore, many people engage in millions of transactions every day without any problem at all. But there is still a sense that it is not safe enough. It was not built for the uses that we currently use it for: all these commercial transactions. As we move to cloud computing there will be more and more personal information online. I think most people want the internet to be safer. They want to worry less about things like phishing and identity theft. And there are a lot of companies and governments worried about losing proprietary information on the internet.

>> Ina Fried: For the last couple years we've been hearing about threats getting more targeted, less of these widespread, more targeted at money as well and less at notoriety. But we are again hearing about sort of these widespread attacks you know with Conficker and so forth. Why are we still dealing with these widespread type of exploits?

>> Scott Charney: Well some of those widespread exploits take advantage of older platforms. So for example when the industry got very serious about security in the post 9/11 world, we built a lot of technologies into the Windows platform for example to make it safer. We turned on the firewall by default and we did address space layout randomization which sounds very technical, but essentially it forces malware to misfire. And therefore people running Vista for example were not affected by Conficker in the same way. The challenge is that people run all the versions of the operating system that were built before we had this focus on security.

>> Ina Fried: One of the things which you've been talking about recently which is somewhat unusual to hear from a Microsoft executive is actually the importance of hardware in creating a more secure overall ecosystem. Why is it important to have security features built into the hardware?

>> Scott Charney: In a nutshell, software is malleable and hardware is harder to tamper with. And ultimately you want to know that everything that's running on your machine goes down to some fundamental root of trust and that needs to be in the hardware. So we're big fans of what's called the Trusted Platform Module or TPM. And we think putting more security in the hardware - not just in the TPM - but smart cards or dongles, other physical pieces of hardware that you have is a good thing to do.

>> Ina Fried: How has Microsoft's security strategy changed more in recent years? Obviously people remember you know the days of Bill's Trustworthy Computing Memo and you know when Microsoft stopped everything to work on security, but we haven't heard as much in recent years about really "What is the crux of where Microsoft's putting its energy in terms of security?"

>> Scott Charney: So in the early years we picked a lot of low hanging fruit. We changed the way we developed products and we built tools to get rid of things that were commonly exploited such as buffer overruns. As we've done that though the criminal population has become more sophisticated and more targeted in their attacks. So a year ago I wrote a paper called "Establishing End to End Trust." And what we're really focused on is building a trusted stack [assumed spelling] - that is the hardware, operating systems, application, data and people - should all be verified in the right circumstances so that you know what's running on your machine and who you're dealing with. And we have to do that in a way that also preserves anonymity, free speech and other democratic values. So the real key is giving users control over their environment so they have the ability to share information about themselves or verify who they're dealing with when they want to, but be anonymous in other circumstances.

>> Ina Fried: On the consumer side, one of the changes that Microsoft's making is for a while now you guys had been in the consumer antivirus space with Windows Live OneCare: a paid product. You guys said we're going to discontinue that product. We're going to offer a more basic free product. What significance do you think that will have for the overall security landscape and where are things as far as that product which is code named Morro?

>> Scott Charney: Yeah that product is still in development. I'm optimistic that it is the right thing to do for security because we've found that still a lot of consumers weren't running basic antivirus software. And for it to be really effective, the broadest possible distribution is necessary so I think that giving it away to your consumers so that they can run it for free is the right thing to do.

>> Ina Fried: And what about on the enterprise side? It seems like a lot of things are moving to the hosted realm. You guys recently offered a hosted security product. You know does cloud computing and the switch to more services, does that make things again more secure, less secure or a combination of the two?

>> Scott Charney: I think that this computing model's going to change somewhat dramatically. In Windows 7, we have something called DirectAccess which is really a peer-to-peer model for the enterprise. And it's good because it relies on IPv6 which is more robust than IPv4 and it also uses IPsec so you're encrypted end to end. And there are other things that we enforce when we use DirectAccess at Microsoft like two-factor log on to the desktop. So I think the network model is changing. It's becoming more information centric and overall it creates a better security model.

>> Ina Fried: For all the time and energy that you and other folks at Microsoft put into security you know still when people think about computer security attacks, oftentimes Microsoft is what comes to mind. Your rivals Apple and so forth get kind of a free pass when it comes to security. Is that something that's frustrating to you as someone who spends all their time working on security that Microsoft doesn't get more credit in this area?

>> Scott Charney: Well actually I think we're getting a lot of credit today but we are ubiquitous. We have a large amount of market share. People are very familiar with Microsoft products and therefore we've always been a target for the hacker community. In some odd way that causes us to be even better, but I think we are getting credit. When I joined Microsoft in 2002, Microsoft did not have any reputation for making secure products. And now you see many people including other large companies, saying that our security development life cycle is really a great model and they give us credit publicly. So I think we've made huge advances but because we have such large market share, we are going to be the target of attacks and we just need to be better.

>> Ina Fried: Thanks Scott. I've been speaking with Scott Charney, Microsoft's Corporate VP for the Trustworthy Computing Unit. He spoke earlier this week at RSA. For CNET News, I'm Ina Fried.
