Want CNET to notify you of price drops and the latest stories?

Gates vows better security for customers

Microsoft's chairman says the software giant has taken great strides to secure its products, but acknowledged that the company is still a far cry from "Trustworthy Computing."

Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
Robert Lemos
2 min read
Microsoft Chairman Bill Gates said in an e-mail Thursday that the software giant has taken great strides to secure its products, but acknowledged that the company still has far to go to achieve its goal of "Trustworthy Computing."

The e-mail message to Microsoft's customers is the latest monthly missive sent by the company's executives as part of a customer-relations drive known as Executive Emails. Coming a year after Gates exhorted company employees to focus on security, privacy and reliability, the memo predictably focuses on the results of that initiative.

"While we've accomplished a lot in the past year, there is still more to do--at Microsoft and across our industry," Gates wrote in the e-mail message, citing data from the Computer Security Institute and the FBI that estimated the damage from cyberattacks in 2001 at $455 million.

Two large incidents--the Code Red and Nimda worms--were a wake-up call for the software giant in 2001 and directly led to Gates' call to arms for the company.

"As we increasingly rely on the Internet to communicate and conduct business, a secure computing platform has never been more important," he wrote in the latest memo. "Along with the vast benefits of increased connectivity, new security risks have emerged on a scale that few in our industry fully anticipated."

In the past year, the software giant has retrained 11,000 developers in the basics of secure programming at a cost of more than $200 million in lost productivity, according to Microsoft estimates. Most of the effort will be first evident when the company releases Windows Server 2003, now due out this April after three delays.

However, Gates outlined several other projects that Microsoft completed this year that the company's executives have touted as illustrating the giant's dedication to Trustworthy Computing.

To increase the security of its software during the design process, the company has interjected a handful of new analyses and security checks. A technique known as threat modeling, where designers and programmers hash out the largest security threats to a given piece of software, has become a core facet of the company's design stage, Gates said in the memo.

"Fully one-half of all bugs identified during the Windows security push were found during threat analysis," he wrote.

Gates also expounded on the need for new security technology, such as that embodied by the company's controversial Palladium project, to eliminate "weak links" in computer systems.

Looking forward to what he called the coming "Digital Decade," Gates warned that as "billions of intelligent devices" are interconnected new threats will emerge.

For the time being, however, he urged patience for the company's efforts and perseverance for those on the front lines.

"There are three things customers can do to help: 1) stay up-to-date on patches, 2) use antivirus software and keep it up-to-date with the latest signatures, and 3) use firewalls."