Microsoft confident in security push

Ten months after a company call to make Windows more trustworthy, a company executive said the initiative is paying off.

Robert Lemos
Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
2 min read
MOUNTAIN VIEW, Calif.--Ten months after Microsoft Chairman Bill Gates called on company employees to make Windows more trustworthy, a company executive said the initiative is paying off.

Speaking at the software giant's monthly Silicon Valley Speaker series, Craig Mundie, senior vice president for advanced strategies and policy, said that headway has been made in the company's Trustworthy Computing initiative.

Other companies will have to follow suit or potentially lose consumer trust, he said.

"Beyond Microsoft, (trust) will be the defining issue for the industry," he said. "If we want to enjoy the business and results we will have to put our IQ into dealing with this issue."

The speech comes a year after Microsoft declared at its Trusted Computing conference that security had to be a higher priority for computers connected to the Internet.

One bright spot in the company push is the creation of error-reporting software. The software allows volunteers using Windows XP to let their computer automatically report any bugs that may have caused an application to crash.

While Microsoft's new initiative makes catching bugs a priority, the new software also allows the company to address security issues before consumers get overly frustrated.

The bug-collecting software has shown that one percent of application errors are responsible for nearly 50 percent of all crashes. And the top 20 percent of errors account for more than 80 percent of all problems.

"It lets us know what is going on in the real world; the panoply of cases of which there is no possible way you could test," Mundie said.

The company also counts privacy enhancements to Media Player 9, unveiled in September, as a success. The feature forces users, immediately following installation of the software, to set a privacy policy for how the Media Player handles their information.

The security push hasn't been without some cost, however. Soon after Gates' memo, Microsoft stopped Windows development so that the company could train developers and project personnel in secure programming practices. The total cost for this project topped $100 million, Mundie said.

Microsoft has also pushed back its next generation of server software, .Net Server. Among the reasons for the delay is the company's new focus on security.

Phasing out older, more vulnerable versions of the Windows operating system has also been poorly received. Microsoft no longer supports Windows 95, and recent vulnerabilities that could affect that operating system's security have gone unpatched--despite the fact that the operating system is still widely used.

The move is part of the initiative to make the supported installed base more secure, Mundie said.

"Even if it means we break some applications, we are going to make things more secure," he said.