Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Applications
    • Applications
    • Cybersecurity
    • Development
    • Networking

    Microsoft’s Trustworthy Computing, Security Still Priority 10 Years Later

    Written by

    Fahmida Y. Rashid
    Published January 14, 2012
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      In 2002, then-CEO Bill Gates wrote a letter to every Microsoft employee stating that product security was a top priority for the software giant. While the fight against attackers is not over, the company has advanced significantly in making it harder to compromise the operating system and associated software, according to security experts in and out of Microsoft.

      Gates sent the email to all employees on Jan. 15, 2002, outlining the Trustworthy Computing initiative and called on employees to deliver products that were “as available, reliable and secure as standard services, such as electricity, water service and telephony.”

      At the time of the email, Windows systems around the world were under siege by fast-replicating and destructive worms and viruses such as CodeRed, Nimda, “I Love You,” and “Anna Kournikova.” CodeRed used buffer overflows to exploit vulnerabilities in Windows Server’s Internet Information Services (IIS) Web server and infected more than 300,000 computers.

      Gates ordered everyone in the company to stop and begin focusing on security. If there is a choice between adding features and resolving security issues, the company would “choose security,” Gates wrote. Microsoft needed to emphasize security “out of the box” and also “constantly refine and improve” the products because threats will evolve, according to the memo.

      “If we don’t do this, people simply won’t be willing-or able-to take advantage of all the other great work we do,” Gates wrote, adding, “We must lead the industry to a whole new level of Trustworthiness in computing.”

      Ten years after Gates outlined the company’s three new areas of focus as security, privacy and reliability, these areas remain “just as important” as organizations move to the cloud, government roles evolve and new cyber-threats emerge, Adrienne Hall, Microsoft’s general manager of TwC, wrote on the Trustworthy Computing blog Jan. 12.

      Microsoft’s Trustworthy Computing initiative permeates all parts of the company and touches upon many areas, including building security into products and services right from the design phase, regularly updating products and services, researching new and emerging threats, developing security products and working with law enforcement, Hall wrote. Under TwC, developers receive training on how to exploit migrations, and there are regular outreach efforts to external security researchers who probe the company’s products for weaknesses. Security runs through Microsoft employees’ veins, and Hall said, “It truly is in our DNA.”

      Other Companies Adopt Microsofts Security Practices

      The Security Development Lifecycle is a mandatory policy for all Microsoft software that ensures the teams are designing, building and testing more secure products, and supporting third-party vendors and the public to warn about vulnerabilities and resolving issues. Microsoft introduced in-depth defenses, such as address space layout randomization and data execution prevention, in its products, and added security features to guard against stack-overflow errors.

      Many companies, including Adobe and Cisco, have adapted Security Development Lifecycle to beef up their own internal security objectives. Adobe has been working hard to “transform itself into the next poster child for security,” Ron Gula, CEO and CTO of Tenable Network Security, told eWEEK.

      The company also focused on privacy in its products, publishing privacy standards for developers and providing consumers with layered privacy notices. Privacy will continue to be an “evolving and ongoing effort,” especially as cloud computing and the increasingly connected society creates “vast amounts of data,” David Burt, senior communications manager for Privacy & Safety Policy, wrote on theMicrosoft Privacy and Safety blog. Microsoft will continue to protect people’s privacy, Burt said.

      “We’re proud of what we’ve achieved and of the many innovations that have become accepted as industry best practices. But it would be wrong to congratulate ourselves on a job well done,” Hall said, adding, “There is still a lot on the road ahead.”

      Microsoft’s security efforts have made it harder for attackers to compromise the operating system, Gula said. The regular updates, security innovations such as address space layout randomization and data execution prevention, and the increased use of sandboxing, have increased the amount of time and effort attackers have to expend in their campaigns, Gula said.

      Many of the attacks have shifted focus, targeting Web applications because those are not built with security in mind, Gula said. While browser companies are innovating and stumbling over each other in their effort to roll out the next-best security features, the applications themselves generally aren’t built by developers with a security mindset, he said.

      Microsoft will focus on the “PC-plus era,” such as mobile devices and cloud computing, and the role of governments in computing in “TwC Next,” the next 10 years of TwC, said Scott Charney, corporate vice president of Trustworthy Computing. Security, privacy and reliability strategies must evolve to “remain potent,” Charney said, noting there was “still much work” that needed to be done to make computing “more trustworthy.

      Fahmida Y. Rashid
      Fahmida Y. Rashid

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.