Q&A: How Microsoft Is Refocusing on Security, Reliability, Privacy, and More, as Part of Trustworthy Computing Initiative

San Jose, Calif., February 20, 2002 — Computer security and privacy are among the top concerns facing not only information technology professionals, but also anyone who uses a computer. Every week there are reports of newly discovered security problems in all types of software, from individual applications and services to Windows, Linux, UNIX and other platforms. How will your desktop computer — or your company’s enterprise network — fare when the next computer virus hits? How safe or private is your personal information? Does the computer industry have a long-term plan to address these concerns, and what can the industry, and you, do today? Earlier this year, Microsoft accelerated its response to these concerns, launching a companywide effort called Trustworthy Computing. One of the key Microsoft executives leading this initiative is Craig Mundie, Senior Vice President and Chief Technical Officer, Advanced Strategies and Policy, who today addresses issues including computer security and privacy in a keynote speech at the RSA Conference 2002 in San Jose, Calif. To preview the speech, explore Trustworthy Computing, and learn what’s ahead for Microsoft, customers and the industry, PressPass spoke with Mundie:

Craig Mundie, Senior Vice President and Chief Technical Officer, Advanced Strategies and Policy Click for high-resolution image

PressPass: Give us a preview. What do you intend to tell the RSA Security Conference audience?

Mundie: There are a few key themes I intend to emphasize in my talk. First, making computing more trustworthy is an industry-wide problem, but it’s also one with tremendous implications for Microsoft, and we have completely refocused the company in a profound way to make Trustworthy Computing our number one priority, bar none.

Second, people confuse “security” and “Trustworthy Computing.” Security is a key component of what we call Trustworthy Computing, but it’s only one component — along with privacy, availability, reliability and integrity, among others. Third, while we’re engaged in a major effort that has already borne fruit, and will continue to do so over the coming months, making computers inherently trustworthy is a complex, long-term problem that may take a decade or more for the industry to satisfactorily address. And even then it will require constant effort to maintain that level of trustworthiness.

PressPass: I’d like you to elaborate on each of those points. But first, put the issue into some perspective. What do you mean precisely by Trustworthy Computing?

Mundie: As computers become a bigger part of our lives, it’s increasingly important that customers be able to trust them, be able to rely on these systems to be available and to secure their information. Trustworthy Computing is computing that is as available, reliable and secure as electricity, water services or telephony. And it is Microsoft’s primary, long-term, companywide focus.

Today, in the developed world, we don’t worry about electricity and water services being available. With telephony, we rely both on its availability and its security for conducting highly confidential business transactions without worrying that information about whom we call or what we say will be compromised. We understand that these services are not foolproof, but we have a level of confidence in their ability to do what we need them to do, when we need them to do it.

Computing falls well short of this, ranging from the individual users who aren’t willing to add a new application because it might destabilize their systems, to the corporations that move slowly to embrace e-business because today’s platforms don’t make the grade. In one sense, it doesn’t matter why a customer doesn’t trust computers — whether the person is concerned about viruses, hackers, abuse of data by corporate marketers, system crashes, or sluggish performance during periods of peak use. All of these issues affect trustworthiness, so all must be addressed to deliver Trustworthy Computing.

The comparison to telephony raises another issue. Most, if not all, technologies, go through a cycle and reach a point where trustworthiness becomes important. When telephones first came along, the fact that they worked at all was a novelty. Then they became cheaper and more plentiful. Trustworthiness wasn’t an issue, because they weren’t relied upon as an integral component of daily life. Now, phones — especially cell phones — have become so ubiquitous in part because we take it for granted that they will work. And so we rely on them much more than we ever relied on telephones in the past.

Similarly, we are relying more on computers than ever before, and the Internet is only accelerating that trend. So now is the time that computers must become fully trustworthy if they’re to become truly ubiquitous. We’re not there yet.

PressPass: When and why did this become a major concern to Microsoft?

Mundie: Microsoft has always had an interest in making secure products and in protecting user privacy, but there’s been a steadily rising chorus of demands for greater attention to these issues — from both inside and outside of the company. Two years ago, for example, we released the first Office patch for mail-borne viruses to protect users of Outlook 98 and Office 2000. Last year the same protection was included as a security enhancement in OfficeXP.

We had our first Microsoft conference on security and privacy more than a year ago — the first ever to bring together security and privacy communities to discuss how their concerns and issues relate to each other. Our most recent conference — Trusted Computing Forum 2001 — was the subject of even keener industry interest. We’ve also been working in the privacy space for two years, both to ensure that we as a company comply with industry, national and international policies, and also to ensure that we help customers by incorporating privacy standards and technologies into our products, such as the P3P standards that are part of Internet Explorer 6.0.

But the events of September 2001 made it clear that the threat model had changed. The terrorist attacks on Sept. 11 made it clear that breaches of security could do more than compromise systems; they could cost lives. And, earlier that year, Nimda and the Code Red Worm underscored the vulnerability we face in the cyber world. As a result, our customers told us that their priorities were changing. Security and availability of systems in the face of threats had become top concerns for CIO’s around the world.

PressPass: How did Microsoft respond?

Mundie: We began to respond immediately. For example, our Microsoft Visual Studio .NET development system — which we launched this month — was under development at the time. Visual Studio .NET is the essential enabler of .NET, and we see .NET as the future of computing. So it was crucial that Visual Studio .NET be absolutely as secure as possible. In the weeks leading up to the launch, we had the entire team do another in-depth code review focused solely on security issues, and made some significant changes in the product as a result — and did so without missing our release deadline.

There were other efforts going on as well. In October, we rolled out our Strategic Technology Protection Program to make Internet Information Server (IIS) and Windows .NET Server secure by default, and to educate customers on how to get and stay secure. We shipped Windows XP, the most reliable, the most secure operating system we’ve ever made. We built error-reporting features into Office XP and Windows XP to give product teams better information on how to improve reliability, and so on.

Each of these efforts was a step in the right direction, but it was clear we needed a more formalized corporate initiative to effectively unite the company toward a defined goal. That’s what Bill (Gates) did with his companywide e-mail memo in mid-January, laying the groundwork for the Trustworthy Computing initiative.

PressPass: Tell us about that memo.

Mundie: Bill doesn’t do this often; only once every few years does he write a memo that sets direction for the entire company. For example, he did it several years ago with a memo on the Internet that absolutely galvanized us. This year, he tackled the issues of Trustworthy Computing. Once again, Bill was unambiguous. He said that “ensuring .NET is a platform for Trustworthy Computing is more important than any other part of our work,” and he directed employees to put more emphasis on these issues than on adding new product features — because great features won’t matter unless customers trust our software. Our products should emphasize security right out of the box. He made it clear that we needed to do better as a company on these issues.

PressPass: You mentioned some of the things that Microsoft has been doing as a part of the Trustworthy Computing initiative. What else is on the agenda?

Mundie: Throughout this month, we have put every Windows developer we have — more than 8,500 of them — through a training course on advanced security programming. Following the training, they will begin an intensive review of the Windows source code to put the training into action. And that review will only be the first step of a new way we develop software at Microsoft, a process that infuses security into every aspect of the development process, much as quality control was infused into the manufacturing processes of companies in the years after World War II. We’re also currently working to deploy a new internal privacy directive. It’s a comprehensive reference for privacy principles and policies aimed at providing an end-to-end strategy, including policy, implementation, training, measurement and monitoring of activities.

PressPass: You mentioned that Trustworthy Computing is an industry-wide concern. What does the rest of the industry need to do?

Mundie: A lot of work has to be done before we reach a place where people inherently trust their computing systems. We are doing everything we can right now to address current problems and to change the fundamental way in which we develop software to make it as private and secure as possible. But that isn’t the whole solution, and Microsoft can’t do it alone. It is crucial that we work together as an industry to address this issue. We are not going to solve it overnight, but through collaborative work and a long-term commitment, we will move toward the right solutions.

So, for example, we’re working with IBM on this issue. Together, we jointly took the lead in founding the Web Services Interoperability (WS-I) Organization. One of its goals is to develop implementation guidelines that will enhance the trustworthiness of XML-based Web services. We’re also working with the industry to build trustworthiness into the Global XML Architecture that will flesh out Web services with the infrastructure they need to be industrial-strength. On the privacy front, we’re working with the industry on P3P and, as I mentioned earlier, we support it within Internet Explorer 6.0. We can and will do more, but these are important steps in fostering industry collaboration toward a common goal.

PressPass: Earlier, you called Trustworthy Computing a long-term initiative. How long is “long-term”?

Mundie: We’ll never stop focusing on Trustworthy Computing, because there will always be new issues, new threats. That said, the industry is about five to 10 years away from having systems with the degree of trustworthiness that customers need for the ways they’d like to use computers and the Internet.

PressPass: Why so long? What needs to happen?

Mundie: Part of the reason it will take so long is that the emergence of the Web and the continuing improvement in price/performance keep changing the nature of computing, so those who are attempting to achieve Trustworthy Computing are aiming at a moving target. There are an exponentially increasing number of processors out there, and the Internet is connecting all of them to each other. We need new software, new architectures, new paradigms, to manage this. The software paradigm that works when you have a single computer isn’t necessarily the same paradigm that will work for millions of loosely connected, distributed processing points, all sharing messaging with each other — and all under a constant barrage of evolving security threats. Rethinking how we rewrite software and the platform on which we run that software is a long-term concern, because such an operating system will take years to develop. That’s one reason.

Another reason it will take so long is that there are some hard, basic research questions that need to be addressed — and we don’t yet have the frameworks to get those questions addressed. For example, there’s no framework through which to address the tradeoffs between reliability, security and quality. When and by how much does a change in one of those factors lead to a change in the others? We don’t know. Computer science needs to think of new ways to describe this world.

There are practical issues to be addressed as well. Computer systems are growing, multiplying too quickly to be administered manually by human administrators. Millions of processors will have to be administered by themselves or by other machines. We currently have no robust ways to set policies and assure proper implementation of those policies in this type of environment. Computer science will need to come up with breakthroughs to deal with this.

PressPass: And until then?

Mundie: Until then, we do the short-term things we can do, things that will also significantly enhance Trustworthy Computing. We train or encourage training for everyone involved in the process — developers, manufacturers, integrators, trainers, customers — in the tools and best practices available today. We value security above new features when there is a tradeoff between the two. We conduct in-depth reviews of our products for security and reliability and we build those reviews into the software development process. We work with others to set and adhere to standards for privacy.

All of these steps will make computing more trustworthy than it is today. And customers need to use our products — and everyone else’s — with an understanding of their fundamental trustworthiness, so that they can make informed choices about that use.