RealTime IT News

Microsoft Building 'Safer Search'

SAN FRANCISCO -- Microsoft is working on creating "safer search" technology as it puts the finishing touches on refinements to Internet Explorer.

A company executive said the company is building tools and safety warnings into Internet Explorer and its next-generation search technology.

"In a service economy, both robust information use and consumer trust are necessities for success," said Brian Arbogast, corporate vice president of communications for Microsoft's Platform and Services Group.

"Our content filtering team is working closely with our search technology team," he said. "It's definitely a goal to build a 'safer search.'" Arbogast was speaking Friday at the Privacy Futures conference, sponsored by the International Association of Privacy Professionals and TRUSTe, a non-profit focused on online privacy and certification.

Redmond's approach is to use a combination of technology, education, legislation, litigation and enforcement in order to help consumers take control of spam, spyware and protecting children online.

SmartScreen technology developed by Microsoft Research uses machine language recognition to identify spam. It's been deployed in Hotmail, MSN Outlook and Exchange Server.

"It's like a Spy versus Spy game," Arbogast said. "Every time you make it that much more expensive, you've changed the nature of the game and probably put more spammers out of business."

Microsoft's spam approach includes strategies for authenticating senders and asking for proof of identity and content, along with prevention agents including attack detection and outbound filtering.

Substantial updates to the Internet Explorer browser will be delivered with Windows XP Service Pack 2, according to Arbogast. It will include the advanced pop-up blocker that Microsoft has made available to MSN Premium users, as well as a download blocker that will analyze attempted downloads to determine whether they were the result of user interaction or some deceptive practice. In the latter case, the toolbar will notify the user of the attempted download and offer the opportunity to make a decision.

The browser's default settings will be to the highest level of security, he said. Users will be able to change them, getting a warning when they reduce security. Add-On Manager is another new feature that will let users see applications that have been attached to the browser and remove unwanted ones such as spyware.

SP2, which is expected to be released soon, also will change the way security settings are handled. Instead of being spread throughout the operating system, they'll be available in a single security control panel. Red and green lights will indicate the security level of individual settings. Microsoft hasn't announced a ship date for SP2, which will be available as a free download, but it is now expected by July.

The company also is working to provide platforms for data governance, especially for Windows XP and Windows Server 2003, including an encrypted file system and a crypto API component, available now as a free download. Authorization Manger, which ships with Windows Server 2003, allows for roles-based authorization rules. Both Windows Authorization Manager and Windows Information Rights Manager, which ships with Office 2003, populate rules across applications.

Microsoft and other companies have to deal with what Peter Cullen, Microsoft's chief privacy strategist, called "the politicization of privacy. The more the data is available, the more likely there are security events," he said. "Our customers are very tired of trying to absorb all this.

Arbogast said that a corporate initiative now has "privacy champs" in all lines of business, which ensure that internal development takes privacy into account. The company also engages in consumer education, both through online help such as a new portal with information on spyware and through cooperation with ISPs, non-profits and federal and state regulators.

As Microsoft tries to beef up security, businesses and consumers will be confronted with more decision points as they use the software. "We need to drive awareness of the issues so that people are willing to make changes," Arbogast said. "We wish people could not ever worry about what happened if they shared the personal info with a given organization, but it's not quite that simple."