Gates calls for ‘trustworthy computing’

Bill Gates is getting serious about security. Microsoft Corp.’s chairman and chief software architect is calling on the software giant’s 49,000 employees worldwide to make “trustworthy computing” the company’s highest priority.

“In the past, we’ve made our software and services more compelling for users by adding new features and functionality, and by making our platform richly extensible,” he wrote in a memo to employees dated Tuesday, which was made available to the media. “We’ve done a terrific job at that, but all those great features won’t matter unless customers trust our software. So now, when we face a choice between adding features and resolving security issues, we need to choose security.”

One observer said the memo doesn’t necessarily mean a new strategy for Microsoft.

“I think the announcement itself is probably more political than one of substance,” said Graham Titterington, a senior analyst with research and consulting firm Ovum Ltd. “IBM (Corp.) has decided to make privacy one of its key themes over the next quarter or so … so there may be a little bit of me-tooing in this announcement.”

Critics have in the past charged that Microsoft products are especially vulnerable to malicious code and other security problems. But the company has generally rejected the claim, saying its software is more simply frequently targeted because of its high profile.

“All software contains security vulnerabilities, and worms and viruses can be written to exploit vulnerabilities in any product,” said a Microsoft spokesman, who asked not to be identified. “Microsoft is a leader, and so our products are more frequently a target (of hackers),” he added.

That’s partially true, but not entirely, said Titterington.

“Hackers want to get the greatest return on their investment, and therefore they go for software platforms that are widely distributed,” he said. “But if you compare the number of successful security attacks on Windows against the number of successful attacks on Unix, the difference is so wide that you can’t totally explain it by the attraction to hackers (of Windows).”

One reason Windows is vulnerable, he added, is that it started as a stand-alone product for individual users and has since grown to encompass enterprise servers, increasing the security risk.

Gates wrote that events last year, including the terrorist attacks of Sept. 11 and highly publicized virus attacks, have highlighted the importance of “integrity and security of our critical infrastructure, whether it’s the airlines or computer systems.”

Customers, he continued, should be able to rely on “computing that is as available, reliable and secure as electricity, water services and telephony.”

Microsoft Canada Co. in Mississauga, Ont., is at