SAN FRANCISCO — Microsoft’s chief software architect
renewed the company’s commitment to security Tuesday with enhancements
across the company’s major product lines — including the promise of a new version of
Internet Explorer with beefed-up security.
Gates said Internet Explorer version 7.0 would be released with new
security features and will be available to Windows XP users running SP2
updates. The rest of the world will have to wait until the next version of
Windows ships, which is expected in 2006.
“Internet Explorer 7.0 will also provide even stronger defenses against
phishing, malicious software and spyware,” Gates said during a keynote
address at the RSA Security Conference here. “The beta release is scheduled
to be available this summer” and will maintain the “level of extensibility
and compatibility that customers have come to expect.”
News about the timetable for the next version of IE was but one piece of
buzzworthy news amid a flurry of announcements from Microsoft in the
security arena. The world’s largest software company is legendary for
“turning on the fire hose” of news announcements at major conferences; the
14th annual RSA Security Conference was no exception.
In addition to the delivery update about IE — which had been expected to
be updated when the next version of Windows (code-named Longhorn) ships —
Gates let it slip that anti-spyware protection it purchased when it
acquired Giant Software Company in December would be offered to Windows licensees at
no extra cost.
The update is sure to keep providers of security and anti-virus
software devising new strategies to compete with Microsoft’s looming
presence in their sector. Gates also said Microsoft would be coming out with
more expanded anti-virus products by the end of the year.
In addition, Microsoft has released to manufacturing (RTM) its Internet
Security and Acceleration (ISA) Server Enterprise Edition, which features
advanced new active directory controls for extending authentication and
control levels across the enterprise.
“This is the top priority for Microsoft, a top priority in terms of
research and development, a top priority for our customers,” Gates said of
the company’s overall investment in building deeper levels of security into
its server and client product lines. “It’s the one thing we need to make
sure we get absolutely right in order to unlock” the advantages of the
digital media revolution, Gates said. “When you think about things around
[our] Trustworthy Computing [program], it includes privacy, keeping
documents confidential, protecting against code attacks and against social
engineering attacks,” such as phishing, Gates said.
Gates broke his discussion into four key areas: improved
updates for security fixes; improved isolation; advanced authentication
control; and best-practices alliances, such as partnerships with security
companies and government programs that focus on securing government
infrastructures.
Improved Updating Services. From major business customers to home
users, patches and processes for issuing patches and security fixes are
designed to be delivered more quickly in response to new exploits that are
posted, Gates explained.
At a time when the time between known proof of concept code for security
exploits is discovered and a fix issued is rapidly compressing, Microsoft’s
founder said the company is speeding the delivery of new patches that
don’t involve as big a download as they have in the past. “We’re making sure
that it operates faster than the ability of the Internet to propagate
problems,” Gates said.
Gates said a beta version of Microsoft Update release is scheduled for mid-March. It is a unified update
service for consumers and small businesses and covers Windows XP, Windows
2000, Windows Server 2003, Office 2003 and Exchange Server 2003. The release is now providing customers with a consolidated view of security and reliability updates in one location and is slated to be rolled out throughout the first half of this year.
In addition, Gates unveiled version 2.0 of its Baseline Security Analyzer
(MBSA). The tool is designed to help system admins identify common security
misconfigurations.
Isolation And Authentication Improvements. Gates unveiled the
release to manufacturing (RTM) of the Enterprise Edition of Microsoft
Internet Security and Acceleration (ISA) Server 2004.
New features include
more secure remote access to essential applications for employees and
partners, security-enhanced connections for branch offices to corporate
headquarters and better protections from malicious Internet traffic.
“Isolation is a fundamental technique to make sure we don’t spread
malicious code,” he said, while explaining that the new features in Active
Directory group policy give system administrators more control
over what they can install. This helps companies stop bad code before it
embeds itself in the enterprise.
In addition, Gates announced Service Pack 1 for its Windows Rights
Management Services (RMS) encryption software that helps system
administrators set rules about how key Office productivity documents can be
shared, copied and/or filed.
The RMS SP1 release features the ability to
deploy rights management solutions without a network connection to the
Internet and without an operational dependency on an external entity such as
Microsoft, Gates said. It also deploys smart-card technology.
The RMS service pack updates comes about two years after Microsoft
unveiled new digital rights tools for its Office productivity suite in the
RMS system, which is a system for the Office suite that helps customers
protect information in Word, Excel, PowerPoint documents and Outlook
e-mails.
Best Practices. Under best practices, Gates includes new education efforts against phishing attacks, as well as building out a network of
security testers that track malicious code circulating on the Internet. More
than 55,000 testers are already working with Microsoft’s Spynet program, he
said, which works to get signatures against malicious code out and into
users’ machines in a faster time frame.
He also sought to reassure both governments and businesses that are
running various versions of Windows that the company is building new security best practices into its development and testing cycles for new products.
“Our industry is really on the line to reach out to governments and reach
out to our customers and make sure nothing’s impeding us in making this
progress” regarding security improvements, he continued.
“I’m optimistic that through these efforts, we will able to mitigate
the security problems and let advances of digital infrastructure really
allow some fantastic things to happen.”