1 April 2004

Microsoft is beginning to win the war against hackers and virus writers, says Bill Gates.
The Microsoft chairman and chief software architect said that the company’s multi-billion dollar effort to improve its record on security, known as the ‘trustworthy computing’ initiative, has begun to deliver results.
In particular, Gates, in a letter to customers, cited a big fall in the number of ‘critical’ or ‘important’ security alerts that have been issued since the latest version of its server operating system, Windows Server 2003, was released.
During its first 320 days, Windows Server 2003 was the subject of nine serious alerts – or one every five weeks on average. By contrast, the previous version of the software, Windows 2000 Server, had 40 serious alerts during its first 320 days, or one every week.
Some critics argued that nine serious security alerts for the 2003 product showed that Microsoft still has some way to go to improve its patchy record on security.
Gates said that, although big improvements were being made, it was unrealistic to think that IT security threats would ever disappear completely.
“Given human nature, evolving threat models and the increasing interconnectedness of computers, the number of security exploits will never reach zero,” said Gates. “Security is as big a challenge as any industry has ever tackled. It is not a case of simply fixing a few vulnerabilities and moving on.”
Microsoft’s security credentials will be tested again in summer 2004 when it releases a beefed-up version of Windows XP, its desktop operating system. This version, known as XP Service Pack 2, will include a firewall activated by default, a spam filter and a pop-up blocker.
At the same time, Microsoft plans to make it easier for users to download security patches. A new service, called Windows Update Services, will be launched in the second half of 2004.
Meanwhile, in a surprise move, Microsoft and other leading software companies have told the US government that the industry may be willing to accept more regulation in order to improve its network security record.
But the software consortium’s report cautions that Washington should step in and force suppliers to make improvements only if market forces fail.