When Bill Gates talks about security, as he did before an audience of hard-core security pros at the recent RSA Conference in San Francisco, the Microsoft chairman and chief software architect approaches the subject from—for him—a logical place: the center of his desktop. It's like the famous Saul Steinberg "New Yorker" cover: Windows, Office and Internet Explorer in the foreground; .Net servers ringing the enterprise inside a firewall; then XML Web services stretching out across the network to the horizon.
From Gates' viewpoint, the job looks straightforward. First, lock down Windows by turning on XP Service Pack 2's Windows Firewall by default. When an application wants to speak to the network, the firewall asks you to unblock port access for the program and then dynamically closes the port when you're finished. Then add SP2's Windows Security Center, which monitors system security and enables tools such as system tray alerts to notify you when anti-virus software is out-of-date or turned off. And couple that with an enhanced Internet Explorer Gold Bar, which blocks pop-up ads and renegade ActiveX controls.
Gates is looking to next year for Dynamic System Protection, which can detect when a patch is missing and tell the firewall to block suspicious traffic that contains symptoms of malicious code. For today's virulent entry point for spam, viruses and worms, Gates proposes Caller ID for e-mail, a Microsoft-patented but royalty-free technology to authenticate mail coming from a particular domain.
There are clouds in this picture, such as how Microsoft might earn real money for all this. For starters, SP2 is shaping up as a stealth operating system update. Even if code trickles down behind the scenes via Windows Update, the company may have to spend millions persuading consumers to let the code finish installing.
Then there's that dynamic application port-closing feature in Windows Firewall. What happens if Redmond cuts a deal with the RIAA to close those pesky peer-to-peer ports when you download "The Grey Album"? Or takes the million people who did download the remix of the Beatles' "White Album" and Jay Z's "Black Album" and puts them on an Exchange Caller ID blacklist?
Paranoia? Maybe. It's the same stuff that killed HailStorm and Passport. Just look at Apple's success with its iTunes/iPod platform to see how damaging Gates' digital rights management strategy is to his credibility. Instead of protecting users, he's protecting applications, intellectual property and business models.
Perhaps that's the basic weakness of Gates' view. He seems unwilling or unable to accept Windows as part of the Net ecosystem. His failure to do so saps confidence in his approach. Each new e-mail attack serves to accelerate the move to IM, RSS and trusted social networks.
Contributing Editor Steve Gillmor is editor of eWEEK.com's Messaging and Collaboration Center. He can be reached at firstname.lastname@example.org.