From: rms at computerbytesman.com (Richard M. Smith)
Subject: FW: Security in a Connected World

FYI:

-----Original Message-----
From: Bill Gates [mailto:BillGates@...irman.microsoft.com] 
Sent: Thursday, January 23, 2003 11:16 PM
To: rms@...puterbytesman.com
Subject: Security in a Connected World


Jan. 23, 2003

As we increasingly rely on the Internet to communicate and conduct
business, a secure computing platform has never been more important.
Along with the vast benefits of increased connectivity, new security
risks have emerged on a scale that few in our industry fully
anticipated.

As everyone who uses a computer knows, the confidentiality, integrity
and availability of data and systems can be compromised in many ways,
from hacker attacks to Internet-based worms. These security breaches
carry significant costs. Although many companies do not detect or report
attacks, the most recent computer crime and security survey performed by
the Computer Security Institute and the Federal Bureau of Investigation
totaled more than $455 million in quantified financial losses in the
United States alone in 2001. Of those surveyed, 74 percent cited their
Internet connection as a key point of attack.

As a leader in the computing industry, Microsoft has a responsibility to
help its customers address these concerns, so they no longer have to
choose between security and usability. This is a long-term effort. As
attacks on computer networks become more sophisticated, we must innovate
in many areas - such as digital rights management, public key
cryptology, multi-site authentication, and enhanced network and PC
protection - to enable people to manage their information securely.

A year ago, I challenged Microsoft's 50,000 employees to build a
Trustworthy Computing environment for customers so that computing is as
reliable as the electricity that powers our homes and businesses today.
To meet Microsoft's goal of creating products that combine the best of
innovation and predictability, we are focusing on four specific areas:
security, privacy, reliability and business integrity. Over the past
year, we have made significant progress on all these fronts. In
particular, I'd like to report on the advances we've made and the
challenges we still face in the security area. As a subscriber to
Executive Emails from Microsoft, I hope you will find this information
helpful.

In order to realize the full potential of computers to advance
e-commerce, enable new kinds of communication and enhance productivity,
security will need to improve dramatically. Based on discussions with
customers and our own internal reviews, it was clear that we needed to
create a framework that would support the kind of innovation,
state-of-the-art processes and cultural shifts necessary to make a
fundamental advance in the security of our software products. In the
past year we have created new product-design methodologies, coding
practices, test procedures, security-incident handling and
product-support processes that meet the objectives of this security
framework:

SECURE BY DESIGN: In early 2002 we took the unprecedented step of
stopping the development work of 8,500 Windows engineers while the
company conducted 10 weeks of intensive security training and analyzed
the Windows code base. Although engineers receive formal academic
training on developing security features, there is very little training
available on how to write secure code. Every Windows engineer, plus
several thousand engineers in other parts of the company, was given
special training covering secure programming, testing techniques and
threat modeling. The threat modeling process, rare in the software
world, taught program managers, architects and testers to think like
attackers. And indeed, fully one-half of all bugs identified during the
Windows security push were found during threat analysis.

We have also made important breakthroughs in minimizing the amount of
security-related code in products that is vulnerable to attack, and in
our ability to test large pieces of code more efficiently. Because
testing is both time-consuming and costly, it's important that defects
are detected as early as possible in the development cycle. To optimize
which tests are run at what points in the design cycle, Microsoft has
developed a system that prioritizes the application's given set of
tests, based on what changes have been made to the program. The system
is able to operate on large programs built from millions of lines of
source code, and produce results within a few minutes, when previously
it took hours or days.

The scope of our security reviews represents an unprecedented level of
effort for software manufacturers, and it's begun to pay off as
vulnerabilities are eliminated through offerings like Windows XP Service
Pack 1. We also put Visual Studio .NET through an incredibly vigorous
design review, threat modeling and security push, and in the coming
months we will be releasing other major products that have gone through
our Trustworthy Computing security review cycle: Windows Server 2003,
the next versions of SQL and Exchange Servers, and Office 11.

Looking ahead, we are working on a new hardware/software architecture
for the Windows PC platform (initially codenamed "Palladium"), which
will significantly enhance the integrity, privacy and data security of
computer systems by eliminating many "weak links." For example, today
anyone can look into a graphics card's memory, which is obviously not
good if the memory contains a user's banking transactions or other
sensitive information. Part of the focus of this initiative is to
provide "curtained" memory - pages of memory that are walled off from
other applications and even the operating system to prevent
surreptitious observation - as well as the ability to provide security
along the path from keyboard to monitor. This technology will also
attest to the reliability of data, and provide sealed storage, so
valuable information can only be accessed by trusted software
components.

SECURE BY DEFAULT: In the past, a product feature was typically enabled
by default if there was any possibility that a customer might want to
use it. Today, we are closely examining when to pre-configure products
as "locked down," meaning that the most secure options are the default
settings. For example, in the forthcoming Windows Server 2003, services
such as Content Indexing Service, Messenger and NetDDE will be turned
off by default. In Office XP, macros are turned off by default. VBScript
is turned off by default in Office XP SP1. And Internet Explorer frame
display is disabled in the "restricted sites" zone, which reduces the
opportunity for the frames mechanism in HTML email to be used as an
attack vector.

SECURE IN DEPLOYMENT: To help customers deploy and maintain our products
securely, we have updated and significantly expanded our security tools
in the past year. Consumers and small businesses can stay up to date on
security patches by using the automatic update feature of Windows
Update. Last year, we introduced Software Update Services (SUS) and the
Systems Management Server 2.0 SUS Feature Pack to improve patch
management for larger enterprises. We released Microsoft Baseline
Security Analyzer, which scans for missing security updates, analyzes
configurations for poor or weak security settings, and advises users how
to fix the issues found. We have also introduced prescriptive documents
for Windows 2000 and Exchange to help ensure that customers can
configure and deploy these products more securely. In addition, we are
working with a number of major customers to implement smart cards as a
way of minimizing the weak link associated with passwords. Microsoft
itself now requires smart cards for remote access by employees, and over
time we expect that most businesses will go to smart card ID systems.

COMMUNICATIONS: To keep customers better informed about security issues,
we made several important changes over the past year. Feedback from
customers indicated that our security bulletins, though useful to IT
professionals, were too detailed for the typical consumer. Customers
also told us they wanted more differentiation on security fixes, so they
could quickly decide which ones to prioritize. In response, Microsoft
worked with industry professionals to develop a new security bulletin
severity rating system, and introduced consumer bulletins. We are also
developing an email notification system that will enable customers to
subscribe to the particular security bulletins they want.

WHAT'S NEXT

In the past decade, computers and networks have become an integral part
of business processes and everyday life. In the Digital Decade we're now
embarking on, billions of intelligent devices will be connected to the
Internet. This fundamental change will bring great opportunities as well
as new, constantly evolving security challenges.

While we've accomplished a lot in the past year, there is still more to
do - at Microsoft and across our industry. We invested more than $200
million in 2002 improving Windows security, and significantly more on
our security work with other products. In the coming year, we will
continue to work with customers, government officials and industry
partners to deliver more secure products, and to share our findings and
knowledge about security. In the meantime, there are three things
customers can do to help: 1) stay up to date on patches, 2) use
anti-virus software and keep it up to date with the latest signatures,
and 3) use firewalls.

There's much more I'd like to share with you about our security
initiatives. If you would like to dig deeper, information and links are
available at
http://www.microsoft.com/mscorp/execmail/2003/01-23security2.asp to help
you make your computer systems more secure.

Bill Gates


To cancel your subscription to future executive emails, please reply to
this email with the word UNSUBSCRIBE in the subject line. For
information about Microsoft's privacy policies, please go to:
http://www.microsoft.com/info/privacy.htm

Powered by blists - more mailing lists