Computer security measures represent Microsoft's biggest investment in the development of its upcoming Windows Vista operating system, Bill Gates told an audience of cyber-security experts at the RSA Conference 2006 in San Jose Tuesday.
"Happy Valentine's Day," Gates said. "My other invitation was to go quail hunting with Dick Cheney."
The computer industry's dreams of putting more of people's work lives and entertainment into digital form can only be realized if computer companies build software that's not only secure against attacks meant to steal data and hobble networks, but also simple enough that users can understand and take advantage of its security measures. "That means a lot of invention, a lot of improvement, from where we are today," said Gates.
During his keynote speech, Gates brought employees of Microsoft out on stage to demonstrate new security features in Windows Vista, the next version of Microsoft's PC operating system, which is scheduled for release by the end of the year. Keeping PCs and corporate networks safe is becoming even more important as hackers target specific companies for financial gain in addition to seeking publicity, and as new threats against digital devices such as Internet-connected cell phones augment attacks against PCs. "If you look at our investment in the next version of Windows, security would jump out as the thing we've spent the most time on," said Gates. "Microsoft has a big responsibility here."
According to Gates, the computer industry needs to simplify its products for users and system administrators, engineer security measures into software rather than thinking about them after a product is nearly complete, and replace relatively insecure password-protected software with systems that use more complex methods such as smart cards. "We have an overly complex situation today," he said. PC users see too many screens and user interfaces--perhaps 10 times as many as they should. That makes it difficult to turn on features needed to protect their machines. In response, Microsoft is moving its products toward a more integrated design.
Gates also said that within four years, more companies will start providing security tokens that employees can use in conjunction with software algorithms to safeguard their applications. "Password systems simply won't cut it," Gates said, calling them a "weak link" of computer systems. But, he said, "I don't pretend we're going to move away from passwords overnight." One demonstration during the speech showed a new Microsoft product for issuing smart cards and digital certificates to workers in a company. Microsoft Certificate Lifecycle Manager enters beta testing today.
Microsoft also demonstrated an upcoming capability called "network access protection" for keeping corporate PCs and laptops up to date. The feature can place PCs and laptops that run Windows Vista and connect to servers running Microsoft's upcoming Windows Server software, code-named Longhorn, into special "quarantine zones" until they're furnished with updates that bring them into compliance with a company's PC-health policies.
Microsoft also demonstrated Vista technology called InfoCards, which are digital representations of different amounts of a user's personal data that can be used to complete online transactions. Some InfoCards will contain only the user's location, some a credit card number, and some will be protected by a PIN that must be entered for each use, for example to grant a doctor the right to look at a person's medical record. The feature is based on the concept that PC users don't want to disclose all their data all the time, Gates said.
Other advances include version 7 of Microsoft's Internet Explorer Web browser, due with Windows Vista, which contains security features such as an on-screen bar that prompts users to provide consent the first time a site tries to run a Windows ActiveX control. The browser also will be able to quarantine malicious executable files into a temporary folder and away from key system files. And a new version of Microsoft's Outlook software demands computational proof the first time an E-mail sender sends a message to a recipient, which isn't efficient for a spammer.
Gates said Microsoft gains a broad view of the security landscape through its Hotmail service, Exchange E-mail servers, and Watson crash-reporting tool in Windows. "We can see this evolving landscape," he said. Windows XP Service Pack 2, released a little more than a year ago, has reduced security problems 13-fold, Gates said. Microsoft hopes for even better results from Vista. "We've all got a common challenge here," he said.