Steve Ballmer Details Microsoft’s Security Strategy

REDMOND, Wash. — Oct. 6, 2005 — Today in Munich, Germany, Steve Ballmer, Microsoft Corp.’s chief executive officer, and Mike Nash, corporate vice president of the Security Technology Unit, outlined Microsoft’s companywide strategy and product road map for helping secure the breadth of its customers from home PC users to businesses of all sizes. As part of its comprehensive security strategy, which focuses on a defense-in-depth approach, Ballmer announced Microsoft’s plans to release Microsoft® Client Protection, a solution to help protect business desktops, laptops and file servers from current and emerging malware threats. In addition, the company announced the creation of the SecureIT Alliance, which will further enable participating security partners to efficiently integrate their solutions with the Microsoft platform to build new security features and products for the benefit of their common customers.

“At Microsoft, we’re investing heavily in security because we want customers to be able to trust their computing experiences, so they can realize the full benefits of the interconnected world we live in,” Ballmer said. “With the continuing onslaught of malware, viruses, phishing attacks and other kinds of Internet fraud, creating a more secure computing environment requires a concerted, long-term effort on the part of all technology companies, as well as customers and governments.”

Microsoft’s Security Strategy

Recognizing there is no single solution to resolve all security and safety issues, Microsoft has taken a multipronged approach to security, with efforts to better secure its platform in three key areas: making the right technology investments, providing customers with clear prescriptive guidance, and partnering closely with the security industry, governments and law enforcement.

“Customers are telling us what our research shows: the nature and complexity of online threats and attacks are continuing to evolve, and hackers, thieves and pirates are getting more sophisticated,” Nash said. “At Microsoft, we believe customers have the right to know what software is running on their machine, how it got there, its purpose and how to remove it if necessary. To help our customers combat the evolving threats and to have those rights protected, we are taking a holistic approach to security that includes developing new technology, partnering with the industry, and keeping customers as educated as possible about how to stay ahead of the latest threats facing them.”

Microsoft will continue to make significant investments in technology to help customers mitigate their security risk. These efforts will include ensuring the highest degree of quality in Microsoft software, delivering new security technology innovations in the Windows® platform, and developing security products and services that will evolve to meet future security needs. Microsoft is taking a defense-in-depth approach to protection and is aligning its technology investments around three core pillars:

  • Fundamentals. Microsoft seeks to provide a built-in level of safety and security in computers and software. This includes improvements to the security of software code through the Engineering Excellence initiative and investments in technologies that help keep software updated and more secure throughout its life cycle.

  • Threat and vulnerability mitigation. Microsoft’s goal is to offer industry-leading integrated security technologies that provide defense-in-depth protection against threats and vulnerabilities, giving customers more central visibility and better control of the security environment.

  • Identity and access control. Microsoft’s objective is to provide technologies that allow legitimate users to retrieve information while making it more difficult for unauthorized users to gain access to resources. These include technologies that verify user identity, control what resources users are allowed to access based on policy, allow management of such users over time, and better protect access to data throughout its life cycle.

Microsoft Client Protection

Microsoft Client Protection will help protect business desktops, laptops and file servers by providing unified protection against emerging threats such as spyware and rootkits, as well as viruses and other traditional attacks.

“We have heard from business customers that they want protection from viruses, spyware and other malware threats with a single solution. Backed by a global research system, Microsoft Client Protection will address this need with one solution that combines proven protection technology with integrated management and reporting capabilities,” Nash said.

An integrated management console puts IT professionals in control of their environment, and prioritized reports and alerts help focus resources on critical issues. Microsoft Client Protection will integrate with existing IT infrastructure, such as Active Directory® and existing software distribution systems, helping to reduce deployment time and maximize value.

The product is currently in development and Microsoft plans to make an early beta of the product available to select customers later this year. Pricing and licensing will be announced at a later date (

Microsoft Antigen

Today Microsoft also announced plans to release Microsoft Antigen anti-virus and anti-spam security software for messaging and collaboration servers based on the technology from recently acquired Sybari Software Inc. Adding to the defense-in-depth strategy inherent in Microsoft Antigen, Microsoft will add its own anti-virus scan engine. When it is available, customers of the Microsoft Sybari product line will benefit from the addition of the Microsoft anti-virus scan engine at no additional charge throughout the length of their contracts. In addition, Microsoft Antigen for Exchange recently completed Microsoft’s Security Development Lifecycle review process, which has been shown to achieve measurably improved levels of security for numerous Microsoft software solutions. Microsoft Antigen for Exchange is scheduled to be available in beta to customers in the first half of 2006.

Today Microsoft also released a white paper detailing its security technology investments and road maps. The paper is available at

Industry Partnerships

Technology is but one way that Microsoft is working to address the security challenge. The company is also working collaboratively with security partners, law enforcement and policymakers in the industry. Today Microsoft also announced the SecureIT Alliance, a group of security partners that are working together to develop security solutions for the Microsoft platform. The SecureIT Alliance expands the security and Internet safety partnerships Microsoft has with other industry leaders and governments, including the Virus Information Alliance and the Global Infrastructure Alliance for Internet Safety. More information on the SecureIT Alliance can be found at

As part of its ongoing collaboration with goverments worldwide, Microsoft worked recently with the United States Federal Trade Commission (FTC) on the FTC’s creation of, a new Web site designed to help consumers guard against Internet fraud, better secure their computers and protect their personal information. The new Web site includes tips, articles, videos and quizzes for safer computing. complements and leverages Microsoft’s own consumer education and awareness efforts through its Protect Your PC campaign and security guidance Web site for consumers. More information can be found at

More information about Microsoft’s efforts regarding security can be found at

Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.

Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at on Microsoft’s corporate information pages. Web links, telephone numbers and titles were correct at time of publication, but may since have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at

Related Posts