X

This week in security

Bill Gates acknowledges IE has become security risk, as he announces browser update will ship separately from next major version of Windows.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
See full bio
Steven Musil
2 min read
Just when you think you have Bill Gates' next move figured out, he goes and does the opposite.

Reversing a longstanding Microsoft policy, Gates said the company will ship an update to its browser separately from the next major version of Windows. A beta, or test, version of Internet Explorer 7 will debut this summer, Microsoft's chairman said in a keynote address at the RSA security conference in San Francisco.

In announcing the plan, Gates acknowledged something that many outside the company had been arguing for some time--that the browser itself has become a security risk. "Browsing is definitely a point of vulnerability," Gates said.

As recently as August, Microsoft said that no new standalone version was planned before Longhorn, and the company reiterated back then that its plan was to make new IE features available with major Windows releases.

Gates also ended speculation about whether Microsoft was shifting to a paid model when he announced that the company will provide customers with its new anti-spyware software for free. The pledge comes after the company had been testing its AntiSpyware application--technology it acquired with its purchase of security software maker Giant Software.

"Just as spyware is something that we have to nip down today, we have decided that all licensed Windows users should have that protection at no charge," Gates said.

The initiative is part of Microsoft's efforts to strengthen security for home and business users of its Windows desktop software. Consumers are not always aware of the dangers from such threats as spyware, viruses and phishing. A study published last October found that more than 80 percent of consumers had been infected by spyware.

If Symantec CEO John Thompson is worried by Microsoft's effort to invade his company's large consumer security business, he isn't letting on to it. Thompson said Symantec would rely on the capability of its products--and not antitrust regulators--to fend off the challenge.

"I don't plan to go to the Justice Department and whine about Microsoft's monopoly," Thompson said. "I'd rather fight Microsoft in the marketplace because I'm sure we'll whip them."

Symantec's ability to defend its consumer business is critical to the company, given that half its revenue and its rapid growth have come from selling antivirus and other security software to home PC owners and small businesses.

Despite Thompson's confidence in his company, analysts noted that Microsoft could yet become a force in the security market. While most acknowledged that Microsoft can quickly ramp up to build useful applications for battling spyware and other pests, the consensus among Microsoft's newest rivals was that the learning process would take years rather than months.

"It will take them some time to get to a point where they're truly competitive against people who have real experience in this field," said Gene Hodges, president of security software maker McAfee.