Identifying security as the number one threat against Microsoft Corp., as well as the IT industry as a whole, Steve Ballmer, CEO of the Redmond, Wash.-based software giant, told a room of Canadian software developers that security continues to be a central issue at Microsoft — especially as the company moves toward the release of Longhorn.
“[Microsoft] has made progress, but there is more progress to make,” Ballmer said Wednesday night at the Toronto Convention Centre, where a pit-stop presentation wrapped up a one-day developer conference on security training.
While Ballmer didn’t go into detail, he did say that security challenges are broad and include not only tools and software, but also many of the processes that are currently in place. Ballmer said in the past few years, Microsoft has taken a step back from the way security had traditionally been handled within the organization and has “given customers the tools to write secure code.”
“It’s a world of threat,” he said.
The Microsoft approach to security right now is focused around technical and social issues, with attention being given to quality, resiliency, education and awareness. For example, Ballmer said there is a range of things that need to be addressed, such as the resiliency of having application-aware firewalls. These smarter firewalls that live on the edge of not only a network but also every computer will push intelligence forward, as will intrusion prevention technology, he said.
With so many different kinds of hackers on the loose, from those who see it as being a challenge to break into a company’s system to those who want personal gain, he noted it is also important to know all motivations for hacking into computers.
Security was the reason that Samir Imran, a senior programming analyst for a Toronto-based company, wanted to attend the event.
He said he wanted to find out more about Microsoft’s plans to ensure its products are secure, and said he is feeling positive about the company’s efforts to date, especially in the last six months after the launch of Windows Server 2003.
After attending a few of the sessions during the day, Imran said Microsoft’s commitment to security is quite evident and the company is making progress.
Speaking for a few minutes about the central role that development plays in Microsoft’s mission, Ballmer said in the next version of Visual Studio .Net, code-named Whitbey, Microsoft will be making a big investment in tools to help developers write more secure code. He didn’t go into great detail, but he did say that improvements would be found in debugging, error reporting and a new secure version of the C runtime library.
“Things start with development,” he said. “Critical decisions are not made by CIOs, but by somebody that cranks some code.”
Knowing that more .Net tools are coming down the pipe is something that makes a difference for Myles MacInnes, a systems consultant in the financial sector in Ontario. He attended the event to find out more about where Microsoft is positioning itself in the realm of security. The more he knows about what Microsoft’s plans are, the better he can prepare himself, he said.
Ballmer estimated there are approximately 10 million developers in the world, and as a company, it’s important for Microsoft to provide the foundation to build applications, which is why the company invests in research and development. He referred to developers as being kings and queens. “Applications are just platforms for you take to the next mile,” he said.
Meanwhile, in a presentation at the RSA Conference in San Francisco on Tuesday, Microsoft announced that it is working on security technologies for the upcoming Longhorn release of Windows that will protect users against security threats by monitoring system and network behaviour as well as the security patches that Microsoft has issued.
The new technologies will allow Windows to detect irregular system behaviour — in terms of network traffic, memory usage and system calls, for example — and respond to them automatically, Bill Gates, Microsoft chairman and chief software architect said during the presentation. The result of the development effort, which Microsoft refers to as “active protection technologies,” should protect systems from worms and viruses by preventing and containing attacks, according to Microsoft.
A component of the protection system, dubbed “dynamic system protection,” will track which security patches users have installed. The component will make changes to the Windows firewall to fend off any attacks that appear to take advantage of a security flaw that users have not yet patched themselves against. For example, if Microsoft has provided a patch for a flaw involving ActiveX controls, dynamic system protection will block ActiveX controls from running on a Windows system until that patch is installed, Microsoft said.
Other parts of the active protection effort include reducing the likelihood of a successful attack by automatically adapting the security settings to the type of network connection, for example when a notebook computer is moved from a corporate network to a public wireless LAN, said Microsoft product manager Jon Murchinson.
– With files from IDG News Service
