Some of the speeches focused on the security of specific products; others hit on broader themes, such as spam and patch management, but all stayed "on message" that this year will be less of a security headache for Microsoft customers than the great migraine that was 2003.
The week kicked off with Gates using his keynote speech at RSA's signature event to outline the security features in the coming release of Windows XP Service Pack 2. Those features include an on-by-default firewall, Internet Explorer tweaks to simplify ActiveX controls, and a new Windows Security Center management console.
Microsoft's chairman, who was anointed the world's richest man again by Forbes magazine this week, also delved into security issues during his speaking tour of five U.S. colleges. Gates made stops at MIT, Harvard, Carnegie Mellon, the University of Illinois and Cornell.
In other Redmond-related security news this week:
- Network gatekeepers. Microsoft and RSA Security announced a new partnership to provide better network security in Windows environments. Their new jointly developed authentication technology, which is based on RSA's SecurID tokens, targets security at the point at which users enter corporate networks.
- SMTP enhancements for Exchange. Also at RSA, Microsoft announced that it will make improvements to the Simple Mail Transfer Protocol (SMTP) relay for its Exchange messaging platform. The new boundary agent at the edge of the network would, among other things, provide "e-mail Caller ID" to authenticate mail before it is accepted by Exchange Server. In a related development, Sendmail, which boasts that it handles 60% of the world's e-mail traffic on its mail transfer agent, announced this week that it too will develop such technology.
- The password death knell. Gates predicted the death of the computer password. Let's face it. Users are the weakest link in system security. They use the same passwords on multiple systems, they create blatantly obvious passwords and they post them on slips of paper near their computers. The authentication standard of the future, Gates said, will likely be "tamper-resistant" biometric ID-card software.
- Betting on an arrest. David Aucsmith, chief technology officer for Microsoft's security business and technology unit, told an audience at the e-Crime conference in London that "the odds are in our favor" for arrests in the Sobig, Blaster and Mydoom investigations. The gambling analogy is apt, since Microsoft placed a series of $250,000 bets -- in the form of bounties -- to catch the authors of those worms.
- Feeling their patching pain. At that same conference, Aucsmith also admitted to a Microsoft shortcoming that administrators have known about for a long time: Microsoft patches are a royal pain. To fix the problem, Aucsmith said, Redmond will make patches in the future that can be "reversed out" and implemented without having to reboot systems.
- January meltdown for Linux. In the never-ending debate on whose operating system is more secure, Windows is pummeling Linux, according to new research from a British consultancy called Mi2g. In January, the firm said, there were 13,654 successful attacks against Linux systems, while 2,005 attacks were logged against Windows systems. The title of safest OS in this survey went elsewhere, however. That top honor was a tie between Berkeley Software Distribution (BSD) and Mac OS X. But to put that in perspective, those OSes only have a tiny fraction of the installed base that Windows and Linux enjoy.