As cyber attacks become more rampant and privacy and security continually rank as chief concerns among consumers and businesses, the worlds largest supplier of personal computer software is responding with its new "Trustworthy Computing" initiative.
In a remarkable January 15 memorandum e-mailed to 47,000 employees, Microsoft Chairman and Founder Bill Gates ordered an overhaul of his companys corporate philosophy, placing privacy and security at the top of the priority list. "In the past, we've made our software and services more compelling for users by adding new features and functionality, and by making our platform richly extensible . . . but all those great features won't matter unless customers trust our software," wrote Gates. "So now, when we face a choice between adding features and resolving security issues, we need to choose security."
Gates also expressed his commitment to consumer privacy by declaring, "Users should be in control of how their data is used. Policies for information use should be clear to the user. Users should be in control of when and if they receive information . . ."
Part of Microsofts Trustworthy Computing plan will entail a production halt for the month of February when the companys software engineers will undergo intensive training to make systems more secure and protective of privacy. It is also reported that the company will sort through every line of code in its Windows source code to find and fix security flaws that have, until now, gone undetected. Microsoft plans to apply such security focus to all future development.
Some of Microsofts perennial critics claim the initiative is long overdue, and question whether or not Microsoft will follow through on its promises, as the company could be forced to bear a reduction in the number of new features in its programs and significant new product delays. Some go further in arguing that such a massive security initiative cannot be undertaken without subjecting the Windows operating system source code to public domain something the company has fought hard to avoid.
However, Gates is not known for frivolous diversion, and the new initiative is critical to Microsofts future success. The company has long been a target for hackers, not because its products necessarily have any more vulnerabilities than other software, but due in large part to its market success and popularity. Everyone remembers the NIMDA, CODE RED, I LOVE YOU and other viruses and worms that exploited Microsofts product vulnerabilities and caused problems for hundreds of thousands of customers. More recently, Microsoft acknowledged a flaw in its Passport technology, designed to secure e-commerce transactions, which could have allowed hackers to gain access to users personal information, such as credit card and social security numbers. There is also the problem with Windows XP, Microsofts most popular and most important PC operating system. The company revealed that hackers could potentially take control of a computer using XP and read through its files.
Microsofts website currently offers numerous software "patches" that users can download to cure privacy and security vulnerabilities. These are effective, but sometimes confusing for computer users. The company says it plans to significantly simplify that process and provide automatic software updates.
Microsofts new direction is responsive to market demand, and the company is taking necessary steps to eliminate a lack of trust from customers and declining consumer confidence in the entire tech industry. Microsoft Vice President Cliff Reeves points out the companys commitment in an interview with Computerworld, "You can say the number of attacks is a result of market success, which is true. Or you can say the obligation to have fewer attacks is an obligation of market success . . . thats the attitude that the company has about this."
Microsoft is also developing its massive ".NET" initiative to provide personal and commercial products and services via the internet a project dependent on the companys ability to safely store and keep secure sensitive business files and personal information. One indication of seriousness of the companys commitment to security and privacy, even prior to the distribution of Chairman Gates memo, was delayed shipment of a significant ".Net" developer tool. According to Microsoft Vice President Jim Allchin, the delay enabled engineers to sort through the product to locate and remedy vulnerabilities.
Microsofts critics will never be satisfied; it is one of those companies that everyone loves to hate. The Electronic Privacy Information Center (EPIC), a privacy rights group that frequently seeks to instigate government intervention in the marketplace, has recently sent letters to all fifty state attorneys general urging them to examine Microsofts Passport technology.
But as a staunch privacy advocate, the Center views the principles of Trustworthy Computing as a giant step in the right direction. Given Microsofts ubiquitous influence, those principles will no doubt spread throughout the entire tech industry benefiting all users, including the government, without government interference.
In todays interconnected world, securing critical infrastructure is necessary to ensure individual and business privacy. Microsoft appears to be responsive to this obligation and is leading the way. We think they deserve that chance before everyone piles on again.February 1, 2002