BILL GATES FROM MICROSOFT occasionally drops us all a line to let
us know what's happening. This is his latest, which arrived by carrier
pigeon (Outlook) this fair and frosty morning. Palladium will eliminate
many "weak links", he says below. Now read on.

Jan. 23, 2003

As we increasingly rely on the Internet to communicate and conduct business,
a secure computing platform has never been more important. Along with
the vast benefits of increased connectivity, new security risks have
emerged on a scale that few in our industry fully anticipated.

As everyone who uses a computer knows, the confidentiality, integrity
and availability of data and systems can be compromised in many ways,
from hacker attacks to Internet-based worms. These security breaches
carry significant costs. Although many companies do not detect or
report attacks, the most recent computer crime and security survey
performed by the Computer Security Institute and the Federal Bureau
of Investigation totaled more than $455 million in quantified financial
losses in the United States alone in 2001. Of those surveyed, 74 percent
cited their Internet connection as a key point of attack.

As a leader in the computing industry, Microsoft has a responsibility
to help its customers address these concerns, so they no longer have
to choose between security and usability. This is a long-term effort.
As attacks on computer networks become more sophisticated, we must
innovate in many areas - such as digital rights management, public
key cryptology, multi-site authentication, and enhanced network and
PC protection - to enable people to manage their information securely.

A year ago, I challenged Microsoft's 50,000 employees to build a Trustworthy
Computing environment for customers so that computing is as reliable
as the electricity that powers our homes and businesses today. To
meet Microsoft's goal of creating products that combine the best of
innovation and predictability, we are focusing on four specific areas:
security, privacy, reliability and business integrity. Over the past
year, we have made significant progress on all these fronts. In particular,
I'd like to report on the advances we've made and the challenges we
still face in the security area. As a subscriber to Executive Emails
from Microsoft, I hope you will find this information helpful.

In order to realize the full potential of computers to advance e-commerce,
enable new kinds of communication and enhance productivity, security
will need to improve dramatically. Based on discussions with customers
and our own internal reviews, it was clear that we needed to create
a framework that would support the kind of innovation, state-of-the-art
processes and cultural shifts necessary to make a fundamental advance
in the security of our software products. In the past year we have
created new product-design methodologies, coding practices, test procedures,
security-incident handling and product-support processes that meet
the objectives of this security framework:

SECURE BY DESIGN: In early 2002 we took the unprecedented step of stopping
the development work of 8,500 Windows engineers while the company
conducted 10 weeks of intensive security training and analyzed the
Windows code base. Although engineers receive formal academic training
on developing security features, there is very little training available
on how to write secure code. Every Windows engineer, plus several
thousand engineers in other parts of the company, was given special
training covering secure programming, testing techniques and threat
modeling. The threat modeling process, rare in the software world,
taught program managers, architects and testers to think like attackers.
And indeed, fully one-half of all bugs identified during the Windows
security push were found during threat analysis.

We have also made important breakthroughs in minimizing the amount of
security-related code in products that is vulnerable to attack, and
in our ability to test large pieces of code more efficiently. Because
testing is both time-consuming and costly, it's important that defects
are detected as early as possible in the development cycle. To optimize
which tests are run at what points in the design cycle, Microsoft
has developed a system that prioritizes the application's given set
of tests, based on what changes have been made to the program. The
system is able to operate on large programs built from millions of
lines of source code, and produce results within a few minutes, when
previously it took hours or days.

The scope of our security reviews represents an unprecedented level of
effort for software manufacturers, and it's begun to pay off as vulnerabilities
are eliminated through offerings like Windows XP Service Pack 1. We
also put Visual Studio .NET through an incredibly vigorous design
review, threat modeling and security push, and in the coming months
we will be releasing other major products that have gone through our
Trustworthy Computing security review cycle: Windows Server 2003,
the next versions of SQL and Exchange Servers, and Office 11.

Looking ahead, we are working on a new hardware/software architecture for
the Windows PC platform (initially codenamed "Palladium"),
which will significantly enhance the integrity, privacy and data security
of computer systems by eliminating many "weak links." For
example, today anyone can look into a graphics card's memory, which
is obviously not good if the memory contains a user's banking transactions
or other sensitive information. Part of the focus of this initiative
is to provide "curtained" memory - pages of memory that
are walled off from other applications and even the operating system
to prevent surreptitious observation - as well as the ability to provide
security along the path from keyboard to monitor. This technology
will also attest to the reliability of data, and provide sealed storage,
so valuable information can only be accessed by trusted software components.

SECURE BY DEFAULT: In the past, a product feature was typically enabled by
default if there was any possibility that a customer might want to
use it. Today, we are closely examining when to pre-configure products
as "locked down," meaning that the most secure options are
the default settings. For example, in the forthcoming Windows Server
2003, services such as Content Indexing Service, Messenger and NetDDE
will be turned off by default. In Office XP, macros are turned off
by default. VBScript is turned off by default in Office XP SP1. And
Internet Explorer frame display is disabled in the "restricted
sites" zone, which reduces the opportunity for the frames mechanism
in HTML email to be used as an attack vector.

SECURE IN DEPLOYMENT: To help customers deploy and maintain our products
securely, we have updated and significantly expanded our security
tools in the past year. Consumers and small businesses can stay up
to date on security patches by using the automatic update feature
of Windows Update. Last year, we introduced Software Update Services
(SUS) and the Systems Management Server 2.0 SUS Feature Pack to improve
patch management for larger enterprises. We released Microsoft Baseline
Security Analyzer, which scans for missing security updates, analyzes
configurations for poor or weak security settings, and advises users
how to fix the issues found. We have also introduced prescriptive
documents for Windows 2000 and Exchange to help ensure that customers
can configure and deploy these products more securely. In addition,
we are working with a number of major customers to implement smart
cards as a way of minimizing the weak link associated with passwords.
Microsoft itself now requires smart cards for remote access by employees,
and over time we expect that most businesses will go to smart card
ID systems.

COMMUNICATIONS: To keep customers better informed about security issues, we made several
important changes over the past year. Feedback from customers indicated
that our security bulletins, though useful to IT professionals, were
too detailed for the typical consumer. Customers also told us they
wanted more differentiation on security fixes, so they could quickly
decide which ones to prioritize. In response, Microsoft worked with
industry professionals to develop a new security bulletin severity
rating system, and introduced consumer bulletins. We are also developing
an email notification system that will enable customers to subscribe
to the particular security bulletins they want.

WHAT'S NEXT

In the past decade, computers and networks have become an integral
part of business processes and everyday life. In the Digital Decade
we're now embarking on, billions of intelligent devices will be connected
to the Internet. This fundamental change will bring great opportunities
as well as new, constantly evolving security challenges.

While we've accomplished a lot in the past year, there is still more to
do - at Microsoft and across our industry. We invested more than $200
million in 2002 improving Windows security, and significantly more
on our security work with other products. In the coming year, we will
continue to work with customers, government officials and industry
partners to deliver more secure products, and to share our findings
and knowledge about security. In the meantime, there are three things
customers can do to help: 1) stay up to date on patches, 2) use anti-virus
software and keep it up to date with the latest signatures, and 3)
use firewalls.

There's much more I'd like to share with you about our security initiatives.
If you would like to dig deeper, information and links are available
at http://www.microsoft.com/mscorp/execmail/2003/01-23security2.asp
to help you make your computer systems more secure.

Bill Gates
Email address supplied, not