Windows Security

By eweek  |  Posted 2004-01-14 Print this article Print

The Windows platform has been taking a lot of criticism with all the patches and security problems. Is this platform considered secure enough for homeland security? RICHEY: The answer is absolutely. Bill Gates and Craig Mundie, our CTO, will talk publicly about the challenges Microsoft faces around security in our platform. But let me just clarify something for the record: Microsofts platform is no less secure and is proportionately more secure than our competitors. Heres where the difference is … our presence in government … 65 percent of the desktops have Windows on them. That makes us the perfect target for those that would do harm to our government and to our citizens. So we get attacked a lot more than our competitors Ill tell you that No. 1
That doesnt mean thats an answer for why we can just slough it off as not important. It is job one at Microsoft. Im sorry, wrong company, I shouldnt say that. But you know what I mean. I mean Bill Gates and the Trustworthy Computing initiative … Bill launched that almost two years ago now. He shut down Microsoft for a period of two months and literally stopped all product development. It cost the company almost $200 million to create the paradigm shift that was required for running secure code. All of our code writers were pulled through a filter of rethinking the way we write and incorporate code into our products. Windows Server 2003 was the first product that was impacted by that change. It wasnt totally impacted. It was probably 78 percent through the product process by the time we had the stand-down. But let me say it benefited. And even with the latest vulnerabilities, Windows Server 2003, compared to its predecessor, has had significantly fewer vulnerabilities. Still at the heart of security is our Trustworthy Computing initiative, which is secure in design and secure in deployment. So we shut the Windows and doors when we send it out to our customers. Then they have to open them if they want them.
But No. 2 is the ability to push down patches. So were working hard with our government customers to work smarter about securing the enterprise because the vulnerability exists between the time Microsoft or one of our partners discovers the vulnerability and the time you deploy the patch. The time between the time we discover the vulnerability and the time we deploy the patch is shrinking at an incredibly dangerous rate. That means we have to get that patch out that much faster. We have prototype systems—enterprise systems—where weve done that successfully, but recognize that the government makes decisions slowly and you have huge disparate infrastructures that have to connect into that capability. And then its a long path for us to get our customers to build those kinds of capabilities. But were focused on it as the primary foundation for everything we do in the world of homeland security. Next page: Will Linux play a role?


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel