Like a rapist teaching personal safety to college coeds, Gates shares his vision…
From: “Bill Gates” [BillGates@chairman.microsoft.com]
Date: Mon, 22 Jul 2002 15:04:44
Subject: Trustworthy Computing
As I’ve talked with customers over the last year – from individual consumers to big enterprise customers – it’s clear that everyone recognizes that computers play an increasingly important and useful role in our lives. At the same time, many of the people I talk to are concerned about the security of the technologies they depend on. They are concerned about whether their personal data is being protected. Although they know that computers can do amazing things, they are frustrated that their technology doesn’t always work consistently. And they want assurances that the high-tech industry takes these concerns seriously and is working to improve their computing experience.
Six months ago, I sent a call-to-action to Microsoft’s 50,000 employees, outlining what I believe is the highest priority for the company and for our industry over the next decade: building a Trustworthy Computing environment for customers that is as reliable as the electricity that powers our homes and businesses today.
This is an important part of the evolution of the Internet, because without a Trustworthy Computing ecosystem, the full promise of technology to help people and businesses realize their potential will not be fulfilled. Ironically, it is the growth of the Internet and the advent of massive computing systems built from loose affiliations of services, machines, communications networks and application software that have helped create the potential for increased vulnerabilities.
There are already solutions that eliminate weak links such as passwords and fake email. At Microsoft we’re combining passwords with “smart cards” to authenticate users. We’re also working with others throughout the industry to improve Internet protocols to stop email that could propagate misleading information or malicious code that falsely appears to be from trusted senders. And we are making fundamental changes in the way we develop software, in our operational and business practices, and in our customer support efforts to make the computing experiences we provide more trustworthy.
For example, we’ve historically made our software and services more compelling for users primarily by adding new features and functionality. While we are continuing to invest significantly in delivering new capabilities that customers ask for, we are now making security improvements an even higher priority than adding features. For example, we made changes to Microsoft Outlook to block email attachments associated with unsafe files, prevent access to a user’s address book, and give administrators the ability to manage email security settings for their organization. As a result of these changes, the number of email virus incidents has dropped dramatically. In fact, email viruses like the recent “Frethem” virus propagate only to systems that have not been updated – underscoring the importance of updating them regularly.
We are also undertaking a rigorous and exhaustive review of many Microsoft products to minimize other potential security vulnerabilities. Earlier this year, the development work of more than 8,500 Microsoft engineers was put on hold while we conducted an intensive security analysis of millions of lines of Windows source code. Every Windows engineer and several thousand engineers in other parts of the company were also given special training in writing secure software. We estimated that the stand-down would take 30 days. It took nearly twice that long, and cost Microsoft more than $100 million. We’ve undertaken similar code reviews and security training for Microsoft Office and Visual Studio .NET, and will be doing so for other products as well.
THE TRUSTWORTHY COMPUTING FRAMEWORK
Trustworthy Computing has four pillars: reliability, security, privacy and business integrity. “Reliability” means that a computer system is dependable, is available when needed, and performs as expected and at appropriate levels. “Security” means that a system is resilient to attack, and that the confidentiality, integrity and availability of both the system and its data are protected. “Privacy” means that individuals have the ability to control data about themselves and that those using such data faithfully adhere to fair information principles. “Business Integrity” is about companies in our industry being responsible to customers and helping them find appropriate solutions for their business issues, addressing problems with products or services, and being open in interactions with customers.
Creating a Trustworthy Computing environment requires several steps:
- Making software code more secure and reliable. Our developers have tools and methodologies that will make an order-of-magnitude improvement in their work from the standpoint of security and safety.
- Keeping ahead of security exploits. Distributing updates using the Internet so that all systems are up to date. Windows Update and Software Update Services, discussed below, provide the infrastructure for this.
- Early Recovery. In case of a problem, having the capability to restore and get systems back up and running in exactly the same state they were in before an incident, with minimal intervention.
FIRST STEPS TOWARD MORE TRUSTWORTHY COMPUTING
There is still much work that Microsoft and others in our industry must do to make computing more trustworthy. Here is a summary of some of the progress we’ve made, six months after my email to Microsoft employees:
- We have changed the way we design and develop software at all phases of the product development cycle. Our new processes should greatly minimize errors in software, and speed up the development process for new products and services.
- Software Update Services (SUS) is a security management tool for business customers that enables IT administrators to quickly and reliably deploy critical updates from inside their corporate firewall to Windows 2000-based servers and desktop computers running Windows 2000 Professional and Windows XP Professional.
- Microsoft Baseline Security Analyzer is a new tool that customers can use to analyze Windows 2000 and Windows XP systems for common security misconfigurations, and to scan for missing security hot fixes and vulnerabilities on a variety of products, including newer versions of Internet Information Server, SQL Server and Office.
- In addition to providing customers with tools and resources to help them maximize the security of Windows 2000 Server environments, we are committed to shipping Windows .NET Server 2003 as “secure by default.” We believe it’s critical to provide customers with a foundation that has been configured to maximize security right out of the box, while continuing to provide customers with a rich set of integrated features and capabilities.
- The error-reporting features built into Office XP and Windows XP are giving us an enormous amount of feedback and a much clearer view of the kinds of problems customers have, and how we can raise the level of reliability in those products – and that of products made by other companies. As part of this effort, we recently created a secure Web site where software and hardware vendors can view error reports related to their drivers, utilities and applications that are reported through our system. This enables the vendors who work with us to identify recurring problems and address them far more quickly than in the past. All of our server software products will incorporate these error-reporting features in subsequent versions of the products.
- With Microsoft Windows Update, we are completing the customer-feedback loop based on the error-reporting features mentioned above. This globally available Web service delivers more than 300 million downloads per month of the most current versions of product fixes, updates and enhancements. When customers connect to the site, they can choose to have their computer automatically evaluated to check which updates need to be applied in order to keep their system up-to-date, as well as identify any critical updates to keep their system safe and secure.
- We are working on a new hardware/software architecture for the Windows PC platform, code-named “Palladium,” which will significantly enhance users’ system integrity, privacy and data security. This new technology, which will be included in a future version of Windows, will enable applications and application components to run in a protected memory space that is highly resistant to tampering and interference. This will greatly reduce the risk of viruses, other attacks, or attempts to acquire personal information or digital property with malicious or illegal intent. Our goal is for the Palladium development process to be a collaborative industry initiative.
- We’ve incorporated what is known as P3P (Platform for Privacy Preferences) technology in the Internet Explorer browser technology in Windows XP, which enhances a user’s ability to set privacy levels to suit his or her needs. The P3P standard enables a user’s browser to compare any P3P-compliant Web site’s privacy practices to that user’s privacy settings, and to decide whether to accept cookies from that site.
Identifying and addressing critical Trustworthy Computing issues will require significant collaboration across our industry. One example of the kind of cross-industry effort we need more of is the recent creation of the Web Services Interoperability (WS-I) Organization (http://www.ws-i.org/). Founded by IBM, Microsoft and other industry leaders including Intel, Oracle, SAP, Hewlett-Packard, BEA Systems and Accenture, WS-I’s mission is to enable consistent and reliable interoperability of XML-based Web services across a variety of platforms, applications and programming languages. Among other things, WS-I will create a suite of test tools aimed at addressing errors and unconventional usage in Web services specifications implementations, which in turn will improve interoperability among applications and across platforms.
WHAT YOU CAN DO
Given the complexity of the computing ecosystem, and the dynamic nature of the technology industry, Trustworthy Computing really is a journey rather than a destination. Microsoft is fully committed to this path, but it is not something we can do alone. It requires the leadership of many others in our industry and a commitment by customers to establish and maintain a secure and reliable computing environment. For customers, the most important first step is understanding what it will take to make their computers and networks more reliable and safe. Below are some suggestions on what individuals and businesses can do to create a more Trustworthy Computing environment for themselves and others.
- Give us feedback by using the error-reporting features built into Office XP and Windows XP.
- Use Microsoft Windows Update (http://windowsupdate.com/) to ensure that you have the most up-to-date and accurate versions of product updates, enhancements and fixes.
- Businesses customers can take advantage of Software Update Services to download critical updates from Windows Update. (http://www.microsoft.com/windows2000/windowsupdate/sus/)
- Use Microsoft Baseline Security Analyzer to analyze Windows XP and Windows 2000 for common security misconfigurations. (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/Tools/MBSAhome.asp)
- Enterprise Systems Integrators can take advantage of the Systems Integrator Source Licensing Program (http://www.microsoft.com/licensing/sharedsource/).
- Hardware, software or systems vendors can sign up for Microsoft’s Windows Logo Program at http://www.microsoft.com/winlogo/ to ensure a high-quality user experience.
- Find more information about computing security at http://www.microsoft.com/security/.
- Our White Paper on Trustworthy Computing is at http://www.microsoft.com/PressPass/exec/craig/05-01trustworthywp.asp.
- If you don’t already have Internet Explorer 6.0, download it for free at http://www.microsoft.com/windows/ie/evaluation/overview/ to take advantage of its increased reliability and security and privacy features.
We are doing everything we can at Microsoft to make software as trustworthy as possible. By building awareness, through collaborative work and with a long-term commitment, I am confident we can and will create a truly Trustworthy Computing environment.