RealTime IT News

Gates Touts New IE With Better Security

SAN FRANCISCO -- Microsoft's chief software architect renewed the company's commitment to security Tuesday with enhancements across the company's major product lines -- including the promise of a new version of Internet Explorer with beefed-up security.

Gates said Internet Explorer version 7.0 would be released with new security features and will be available to Windows XP users running SP2 updates. The rest of the world will have to wait until the next version of Windows ships, which is expected in 2006.

"Internet Explorer 7.0 will also provide even stronger defenses against phishing, malicious software and spyware," Gates said during a keynote address at the RSA Security Conference here. "The beta release is scheduled to be available this summer" and will maintain the "level of extensibility and compatibility that customers have come to expect."

News about the timetable for the next version of IE was but one piece of buzzworthy news amid a flurry of announcements from Microsoft in the security arena. The world's largest software company is legendary for "turning on the fire hose" of news announcements at major conferences; the 14th annual RSA Security Conference was no exception.

In addition to the delivery update about IE -- which had been expected to be updated when the next version of Windows (code-named Longhorn) ships -- Gates let it slip that anti-spyware protection it purchased when it acquired Giant Software Company in December would be offered to Windows licensees at no extra cost.

The update is sure to keep providers of security and anti-virus software devising new strategies to compete with Microsoft's looming presence in their sector. Gates also said Microsoft would be coming out with more expanded anti-virus products by the end of the year.

In addition, Microsoft has released to manufacturing (RTM) its Internet Security and Acceleration (ISA) Server Enterprise Edition, which features advanced new active directory controls for extending authentication and control levels across the enterprise.

"This is the top priority for Microsoft, a top priority in terms of research and development, a top priority for our customers," Gates said of the company's overall investment in building deeper levels of security into its server and client product lines. "It's the one thing we need to make sure we get absolutely right in order to unlock" the advantages of the digital media revolution, Gates said. "When you think about things around [our] Trustworthy Computing [program], it includes privacy, keeping documents confidential, protecting against code attacks and against social engineering attacks," such as phishing, Gates said.

Gates broke his discussion into four key areas: improved updates for security fixes; improved isolation; advanced authentication control; and best-practices alliances, such as partnerships with security companies and government programs that focus on securing government infrastructures.

Improved Updating Services. From major business customers to home users, patches and processes for issuing patches and security fixes are designed to be delivered more quickly in response to new exploits that are posted, Gates explained.

At a time when the time between known proof of concept code for security exploits is discovered and a fix issued is rapidly compressing, Microsoft's founder said the company is speeding the delivery of new patches that don't involve as big a download as they have in the past. "We're making sure that it operates faster than the ability of the Internet to propagate problems," Gates said.

Gates said a beta version of Microsoft Update release is scheduled for mid-March. It is a unified update service for consumers and small businesses and covers Windows XP, Windows 2000, Windows Server 2003, Office 2003 and Exchange Server 2003. The release is now providing customers with a consolidated view of security and reliability updates in one location and is slated to be rolled out throughout the first half of this year.

In addition, Gates unveiled version 2.0 of its Baseline Security Analyzer (MBSA). The tool is designed to help system admins identify common security misconfigurations.

Isolation And Authentication Improvements. Gates unveiled the release to manufacturing (RTM) of the Enterprise Edition of Microsoft Internet Security and Acceleration (ISA) Server 2004.

New features include more secure remote access to essential applications for employees and partners, security-enhanced connections for branch offices to corporate headquarters and better protections from malicious Internet traffic.

"Isolation is a fundamental technique to make sure we don't spread malicious code," he said, while explaining that the new features in Active Directory group policy give system administrators more control over what they can install. This helps companies stop bad code before it embeds itself in the enterprise.

In addition, Gates announced Service Pack 1 for its Windows Rights Management Services (RMS) encryption software that helps system administrators set rules about how key Office productivity documents can be shared, copied and/or filed.

The RMS SP1 release features the ability to deploy rights management solutions without a network connection to the Internet and without an operational dependency on an external entity such as Microsoft, Gates said. It also deploys smart-card technology.

The RMS service pack updates comes about two years after Microsoft unveiled new digital rights tools for its Office productivity suite in the RMS system, which is a system for the Office suite that helps customers protect information in Word, Excel, PowerPoint documents and Outlook e-mails.

Best Practices. Under best practices, Gates includes new education efforts against phishing attacks, as well as building out a network of security testers that track malicious code circulating on the Internet. More than 55,000 testers are already working with Microsoft's Spynet program, he said, which works to get signatures against malicious code out and into users' machines in a faster time frame.

He also sought to reassure both governments and businesses that are running various versions of Windows that the company is building new security best practices into its development and testing cycles for new products.

"Our industry is really on the line to reach out to governments and reach out to our customers and make sure nothing's impeding us in making this progress" regarding security improvements, he continued.

"I'm optimistic that through these efforts, we will able to mitigate the security problems and let advances of digital infrastructure really allow some fantastic things to happen."