"Trustworthy
Computing"
Privacy
and Security Deemed Microsofts Top Priorities
As
cyber attacks become more rampant and privacy and security continually
rank as chief concerns among consumers and businesses, the worlds
largest supplier of personal computer software is responding with
its new "Trustworthy Computing" initiative.
In
a remarkable January
15 memorandum e-mailed to 47,000 employees, Microsoft Chairman
and Founder Bill Gates ordered an overhaul of his companys
corporate philosophy, placing privacy and security at the top of
the priority list. "In the past, we've made our software and
services more compelling for users by adding new features and functionality,
and by making our platform richly extensible . . . but all those
great features won't matter unless customers trust our software,"
wrote Gates. "So now, when we face a choice between adding
features and resolving security issues, we need to choose security."
Gates
also expressed his commitment to consumer privacy by declaring,
"Users should be in control of how their data is used. Policies
for information use should be clear to the user. Users should be
in control of when and if they receive information . . ."
Part
of Microsofts Trustworthy Computing plan will entail a production
halt for the month of February when the companys software
engineers will undergo intensive training to make systems more secure
and protective of privacy. It is also reported that the company
will sort through every line of code in its Windows source code
to find and fix security flaws that have, until now, gone undetected.
Microsoft plans to apply such security focus to all future development.
Some
of Microsofts perennial critics claim the initiative is long
overdue, and question whether or not Microsoft will follow through
on its promises, as the company could be forced to bear a reduction
in the number of new features in its programs and significant new
product delays. Some go further in arguing that such a massive security
initiative cannot be undertaken without subjecting the Windows operating
system source code to public domain something the company
has fought hard to avoid.
However,
Gates is not known for frivolous diversion, and the new initiative
is critical to Microsofts future success. The company has
long been a target for hackers, not because its products necessarily
have any more vulnerabilities than other software, but due in large
part to its market success and popularity. Everyone remembers the
NIMDA, CODE RED, I LOVE YOU and other viruses and worms that exploited
Microsofts product vulnerabilities and caused problems for
hundreds of thousands of customers. More recently, Microsoft acknowledged
a flaw in its Passport technology, designed to secure e-commerce
transactions, which could have allowed hackers to gain access to
users personal information, such as credit card and social
security numbers. There is also the problem with Windows XP, Microsofts
most popular and most important PC operating system. The company
revealed that hackers could potentially take control of a computer
using XP and read through its files.
Microsofts
website currently offers numerous software "patches" that
users can download to cure privacy and security vulnerabilities.
These are effective, but sometimes confusing for computer users.
The company says it plans to significantly simplify that process
and provide automatic software updates.
Microsofts
new direction is responsive to market demand, and the company is
taking necessary steps to eliminate a lack of trust from customers
and declining consumer confidence in the entire tech industry. Microsoft
Vice President Cliff Reeves points out the companys commitment
in an interview with Computerworld, "You can say the
number of attacks is a result of market success, which is true.
Or you can say the obligation to have fewer attacks is an obligation
of market success . . . thats the attitude that the company
has about this."
Microsoft
is also developing its massive ".NET" initiative to provide
personal and commercial products and services via the internet
a project dependent on the companys ability to safely store
and keep secure sensitive business files and personal information.
One indication of seriousness of the companys commitment to
security and privacy, even prior to the distribution of Chairman
Gates memo, was delayed shipment of a significant ".Net"
developer tool. According to Microsoft Vice President Jim Allchin,
the delay enabled engineers to sort through the product to locate
and remedy vulnerabilities.
Microsofts
critics will never be satisfied; it is one of those companies that
everyone loves to hate. The Electronic Privacy Information Center
(EPIC), a privacy rights group that frequently seeks to instigate
government intervention in the marketplace, has recently sent letters
to all fifty state attorneys general urging them to examine Microsofts
Passport technology.
But
as a staunch privacy advocate, the Center views the principles of
Trustworthy Computing as a giant step in the right direction. Given
Microsofts ubiquitous influence, those principles will no
doubt spread throughout the entire tech industry benefiting
all users, including the government, without government interference.
In
todays interconnected world, securing critical infrastructure
is necessary to ensure individual and business privacy. Microsoft
appears to be responsive to this obligation and is leading the way.
We think they deserve that chance before everyone piles on
again.
[Posted
on February 1, 2002]
Return
to Technology
Index
|