SAN FRANCISCO, Feb. 24, 2004 — Microsoft Corp. Chairman and Chief Software Architect Bill Gates today outlined innovative technology investments and industry cooperation to help address the needs of businesses and individuals in the face of the threat posed by malicious software code. During his keynote address at the RSA Conference 2004, Gates demonstrated new and emerging technologies designed to help improve security of IT systems and build resiliency into desktop and server systems.
Gavin Jancke (R), Development Manager with Microsoft Research, shows Bill Gates, Microsoft Chairman and Chief Software Architect, new biometric ID-card technology. Click image for high-res version.
“The industry is facing an increasingly complex and sophisticated security landscape,” Gates said. “Security advancements outlined today, as well as industry collaboration and innovations in security technology for the future, will play a key role in providing users with a safer and more seamless computing experience.”
Highlights of the keynote include the following:
The announcement that Microsoft is investing in the development of security technologies to extend integrated protection to PCs, to make them more resilient in the presence of worms and viruses
Gates demonstrating, for the first time, upcoming security enhancements in Windows®
XP Service Pack 2 including Windows Firewall, Windows Security Center and browsing enhancements in Internet Explorer
An outline of Microsoft’s technological approach for reducing spam, including its Coordinated Spam Reduction Initiative (CSRI) and technical specifications for the establishment of caller ID-like functionality for e-mail to help prevent domain spoofing
The announcement of Exchange Edge Services, a milestone in the development of next-generation Microsoft®
Exchange Server e-mail protection and security technologies to better protect users’ systems from viruses and junk e-mail
In addition, Gates announced new and expanded industry alliances:
Five new members — F-Secure Corp., Global Hauri, Norman, Panda Software and Sophos Plc — have joined the Virus Information Alliance (VIA), a centralized resource formed in May 2003 to help Internet users find information about the latest virus threats affecting Microsoft technology. The alliance, whose members now include 10 leading anti-virus vendors and Microsoft, offers recommended best practices for helping protect against malicious attacks, information about specific viruses and worms, how-to articles, and links to other anti-virus resources through a TechNet Web page at http://www.microsoft.com/technet/security/virus/default.asp
The Global Infrastructure Alliance for Internet Safety (GIAIS), an alliance with leading Internet service providers (ISPs) worldwide including BT, Chunghwa Telecom, Cox Communications, EarthLink, KT (Korea Telecom), MSN®
, NTT Communications, Planet Internet, Shaw Communications, TDC, T-Online, TeliaSonera, Tiscali SpA, United Online, Wanadoo and Xtra (Telecom New Zealand), was formed to drive a more secure Internet environment for consumers by educating and protecting them against the threat of malicious code attacks.
Investments in Security Technology
In his keynote address, Gates described an increasingly sophisticated security landscape in which worms and viruses unleashed by criminals represent multifaceted threats. In response to this evolving security landscape, Gates discussed how Microsoft is taking steps toward making computers more resilient in the presence of worms and viruses, enabling customers to communicate and collaborate in a more secure manner. Microsoft is focusing on the development of technologies designed to make this vision a reality and extend protection to PCs themselves.
“No single technology can adequately protect against the many different kinds of attacks that computers face,” Gates said. “Resiliency can only be achieved with a combination of security technologies designed to combat the sophisticated threat from worms and viruses.”
This approach begins with Windows XP Service Pack 2 (SP2), currently in beta release. In his keynote address, Gates demonstrated new enhancements to Windows XP, including the new Windows Security Center, which will enable users to automatically check the status of essential security features, such as firewall, automatic update and anti-virus functionality. When a problem is detected, customers will receive a notification and recommended steps to help them improve security.
Microsoft is working closely with PC manufacturers to deliver Windows XP SP2 to customers. “HP remains committed to providing security solutions to businesses, small companies and consumers that help protect them from both known and unknown threats. Our strategy has been, and continues to be, to make security a built-in piece of everything we provide, not a bolt-on,” said Jim McDonnell, vice president of worldwide marketing at HP. “As part of that commitment, HP is pleased to bring our customers these additional security enhancements through Microsoft Windows XP SP2.”
“Dell is committed to providing customers with technology products that enable a high level of security, and welcomes the security enhancements that Windows XP SP2 will provide to an overall security framework,” said Jim Totton, vice president of software for the Product Group at Dell. “Through our relationship with Microsoft, we are able to provide development input to address the security requirements of our global customers. We support Microsoft in its commitment to help customers protect their IT assets and minimize risk.”
Over time, Microsoft envisions that active protection technologies will be designed to run on Windows-based computers in a network — servers, desktops and laptops — and will have the following capabilities:
Dynamic system protection to proactively adjust defenses on each computer based on changes in state, reducing the likelihood of a successful attack
Behavioral blocking to limit the ability of worms and viruses to cause damage once on a computer, helping contain attacks and acting as a last line of defense
Application-aware firewall and intrusion prevention to identify malicious traffic and stop it, helping prevent infection
Gates emphasized that these development investments are only the beginning, and that people can expect to see these technologies used more broadly in the future.
Extending Security Training to Developers
To help developers take advantage of the new security features in Windows XP SP2, Microsoft is providing free interactive online training and other technical resources on the MSDN®
Web site ( http://msdn.microsoft.com/ ). Developers will have access to advanced new tools designed to simplify the process of creating more secure applications. For example, “Whidbey,” code name for the upcoming release of Visual Studio®
, and the Microsoft .NET Framework will contain software-based tools developed by Microsoft Research designed to provide static defect prevention and detection and mitigation capabilities for managed and unmanaged code, enabling developers to build more-secure applications.
Helping Protect Customers Against the Threat of Spam
Gates also announced a detailed vision and proposal on what technology can do to help decrease spam, including outlining Microsoft’s Coordinated Spam Reduction Initiative (CSRI) and technical specifications for the Caller ID for E-Mail feature. CSRI is Microsoft’s long-range technological plan for dramatically reducing spam by establishing verifiable identity in e-mail through a caller-ID-like approach, setting reasonable behavior policies for high-volume e-mail senders, and creating viable identification alternatives for smaller-scale e-mail senders.
Gates noted that Microsoft is moving ahead with plans for a pilot implementation of Caller ID for E-Mail in its Hotmail®
service. In addition, the company continues to work with other organizations, including Amazon.com and Brightmail Inc., to help test this proposal.
IT Systems Security
Gates announced that Microsoft will be delivering Exchange Edge Services, an enhancement to the SMTP relay implementation in Exchange 2003. With Exchange Edge Services, Microsoft will provide an enhanced set of services aimed at enabling customers to better protect their e-mail system from junk e-mail and viruses as well as improve the efficiency of handling and routing Internet e-mail traffic.
A priority of Exchange Edge Services is to provide a solid, extensible infrastructure that industry partners can use to deliver innovative and robust solutions to help address customer needs for improved e-mail security and hygiene at the network boundary. Exchange Edge Services will provide a new way to extend Windows-based infrastructure and can serve as an alternative to the complicated legacy systems used to protect the e-mail perimeter today.
Enabling Trust Scenarios
Gates discussed Microsoft’s work to extend security technologies, demonstrating a technology created by Microsoft Research called the Microsoft Tamper Resistant Biometric ID Card, a cryptographically tamper-resistant identification card that can be easily deployed using simple, low-cost hardware and regular paper.
Gates also highlighted the availability of the Security Scenarios Working Group draft for public review. The Security Scenarios document, which was developed by the Web Services Interoperability Organization (WS-I) Security Profile Working Group, identifies security challenges and threats in building interoperable Web services and proposes countermeasures for these risks. In addition, Gates noted that Microsoft has successfully completed U.S. Federal Bridge Certification Authority (FBCA) interoperability testing with the Windows Server (TM) 2003 Enterprise Edition platform and is pleased to announce its availability to customers that want to participate in the FBCA architecture. This is an especially notable event for Microsoft, U.S. federal agencies and customers around the world, because it demonstrates Microsoft’s commitment to interoperability in heterogeneous environments as well as its determination to develop a security platform for high-assurance applications and services.
Gates concluded his keynote address by reiterating Microsoft’s commitment to helping improve security in computing with a multipronged strategy that spans technology and social aspects such as education and raising awareness, noting Microsoft’s focus on quality, innovation and partnership.
Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and Internet technologies for personal and business computing. The company offers a wide range of products and services designed to empower people through great software — any time, any place and on any device.
Microsoft, Windows, MSN, MSDN, Visual Studio, Hotmail and Windows Server are either registered trademarks or trademarks of Microsoft Corp. in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at http://www.microsoft.com/presspass/ on Microsoft’s corporate information pages. Web links, telephone numbers and titles were correct at time of publication, but may since have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at http://www.microsoft.com/presspass/contactpr.asp .