From: Bill Gates
Sent: Thursday, January 23, 2003 9:43 PM
Subject: Security in a Connected World
Jan. 23, 2003
As we increasingly rely on the Internet to communicate and conduct business,
a secure computing platform has never been more important. Along with the
vast benefits of increased connectivity, new security risks have emerged on
a scale that few in our industry fully anticipated.
As everyone who uses a computer knows, the confidentiality, integrity and
availability of data and systems can be compromised in many ways, from
hacker attacks to Internet-based worms. These security breaches carry
significant costs. Although many companies do not detect or report attacks,
the most recent computer crime and security survey performed by the Computer
Security Institute and the Federal Bureau of Investigation totaled more than
$455 million in quantified financial losses in the United States alone in
2001. Of those surveyed, 74 percent cited their Internet connection as a key
point of attack.
As a leader in the computing industry, Microsoft has a responsibility to
help its customers address these concerns, so they no longer have to choose
between security and usability. This is a long-term effort. As attacks on
computer networks become more sophisticated, we must innovate in many areas
- such as digital rights management, public key cryptology, multi-site
authentication, and enhanced network and PC protection - to enable people to
manage their information securely.
A year ago, I challenged Microsoft's 50,000 employees to build a Trustworthy
Computing environment for customers so that computing is as reliable as the
electricity that powers our homes and businesses today. To meet Microsoft's
goal of creating products that combine the best of innovation and
predictability, we are focusing on four specific areas: security, privacy,
reliability and business integrity. Over the past year, we have made
significant progress on all these fronts. In particular, I'd like to report
on the advances we've made and the challenges we still face in the security
area. As a subscriber to Executive Emails from Microsoft, I hope you will
find this information helpful.
In order to realize the full potential of computers to advance e-commerce,
enable new kinds of communication and enhance productivity, security will
need to improve dramatically. Based on discussions with customers and our
own internal reviews, it was clear that we needed to create a framework that
would support the kind of innovation, state-of-the-art processes and
cultural shifts necessary to make a fundamental advance in the security of
our software products. In the past year we have created new product-design
methodologies, coding practices, test procedures, security-incident handling
and product-support processes that meet the objectives of this security
framework:
Secure by Design: In early 2002 we took the unprecedented step of
stopping the development work of 8,500 Windows engineers while the company
conducted 10 weeks of intensive security training and analyzed the Windows
code base. Although engineers receive formal academic training on developing
security features, there is very little training available on how to write
secure code. Every Windows engineer, plus several thousand engineers in
other parts of the company, was given special training covering secure
programming, testing techniques and threat modeling. The threat modeling
process, rare in the software world, taught program managers, architects and
testers to think like attackers. And indeed, fully one-half of all bugs
identified during the Windows security push were found during threat
analysis.
We have also made important breakthroughs in minimizing the amount of
security-related code in products that is vulnerable to attack, and in our
ability to test large pieces of code more efficiently. Because testing is
both time-consuming and costly, it's important that defects are detected as
early as possible in the development cycle. To optimize which tests are run
at what points in the design cycle, Microsoft has developed a system that
prioritizes the application's given set of tests, based on what changes have
been made to the program. The system is able to operate on large programs
built from millions of lines of source code, and produce results within a
few minutes, when previously it took hours or days.
The scope of our security reviews represents an unprecedented level of
effort for software manufacturers, and it's begun to pay off as
vulnerabilities are eliminated through offerings like Windows XP Service
Pack 1. We also put Visual Studio .NET through an incredibly vigorous design
review, threat modeling and security push, and in the coming months we will
be releasing other major products that have gone through our Trustworthy
Computing security review cycle: Windows Server 2003, the next versions of
SQL and Exchange Servers, and Office 11.
Looking ahead, we are working on a new hardware/software architecture for
the Windows PC platform (initially codenamed "Palladium"), which will
significantly enhance the integrity, privacy and data security of computer
systems by eliminating many "weak links." For example, today anyone can look
into a graphics card's memory, which is obviously not good if the memory
contains a user's banking transactions or other sensitive information. Part
of the focus of this initiative is to provide "curtained" memory - pages of
memory that are walled off from other applications and even the operating
system to prevent surreptitious observation - as well as the ability to
provide security along the path from keyboard to monitor. This technology
will also attest to the reliability of data, and provide sealed storage, so
valuable information can only be accessed by trusted software components.
Secure by Default: In the past, a product feature was typically
enabled by default if there was any possibility that a customer might want
to use it. Today, we are closely examining when to pre-configure products as
"locked down," meaning that the most secure options are the default
settings. For example, in the forthcoming Windows Server 2003, services such
as Content Indexing Service, Messenger and NetDDE will be turned off by
default. In Office XP, macros are turned off by default. VBScript is turned
off by default in Office XP SP1. And Internet Explorer frame display is
disabled in the "restricted sites" zone, which reduces the opportunity for
the frames mechanism in HTML email to be used as an attack vector.
Secure in Deployment: To help customers deploy and maintain our
products securely, we have updated and significantly expanded our security
tools in the past year. Consumers and small businesses can stay up to date
on security patches by using the automatic update feature of Windows Update.
Last year, we introduced Software Update Services (SUS) and the Systems
Management Server 2.0 SUS Feature Pack to improve patch management for
larger enterprises. We released Microsoft Baseline Security Analyzer, which
scans for missing security updates, analyzes configurations for poor or weak
security settings, and advises users how to fix the issues found. We have
also introduced prescriptive documents for Windows 2000 and Exchange to help
ensure that customers can configure and deploy these products more securely.
In addition, we are working with a number of major customers to implement
smart cards as a way of minimizing the weak link associated with passwords.
Microsoft itself now requires smart cards for remote access by employees,
and over time we expect that most businesses will go to smart card ID
systems.
Communications: To keep customers better informed about security
issues, we made several important changes over the past year. Feedback from
customers indicated that our security bulletins, though useful to IT
professionals, were too detailed for the typical consumer. Customers also
told us they wanted more differentiation on security fixes, so they could
quickly decide which ones to prioritize. In response, Microsoft worked with
industry professionals to develop a new security bulletin severity rating
system, and introduced consumer bulletins. We are also developing an email
notification system that will enable customers to subscribe to the
particular security bulletins they want.
What's Next
In the past decade, computers and networks have become an integral part of
business processes and everyday life. In the Digital Decade we're now
embarking on, billions of intelligent devices will be connected to the
Internet. This fundamental change will bring great opportunities as well as
new, constantly evolving security challenges.
While we've accomplished a lot in the past year, there is still more to do -
at Microsoft and across our industry. We invested more than $200 million in
2002 improving Windows security, and significantly more on our security work
with other products. In the coming year, we will continue to work with
customers, government officials and industry partners to deliver more secure
products, and to share our findings and knowledge about security. In the
meantime, there are three things customers can do to help: 1) stay up to
date on patches, 2) use anti-virus software and keep it up to date with the
latest signatures, and 3) use firewalls.
There's much more I'd like to share with you about our security initiatives.
If you would like to dig deeper, here is information and links
(http://www.microsoft.com/mscorp/execmail/2003/01-23security2.asp) to help
you make your computer systems more secure.
Bill Gates
From: Steve Ballmer
Sent: Wednesday, November 13, 2002 6:10 PM
Subject: Looking Forward
Nov. 13, 2002
Thanks for subscribing to receive occasional emails from me, Bill Gates and
other Microsoft executives on important technology and public-policy topics.
We really appreciate your interest, and we value the comments and questions
that many readers have sent us in response to previous mails.
Today, I want to share some thoughts about Microsoft's changing role in the
technology industry now that the antitrust settlement has been approved -
about how we as a company are forging a new relationship with our customers,
our partners, the industry and governments around the world. I believe we
are creating an entirely new Microsoft.
The Settlement and Beyond
Two weeks ago, the U.S. District Court ruled that our settlement with the
Department of Justice and nine States is in the public interest. The
settlement was reached through extensive mediation with the Department of
Justice and State Attorneys General, and has now been approved after
thorough judicial review. The settlement is tough but fair. It puts new
obligations and responsibilities on our company, and we fully embrace them.
We have already made many of the necessary changes, and we are dedicated -
from the top down - to living up to these obligations:
- We are restricted in how we negotiate with computer manufacturers. We now
operate based on a transparent and uniform price list for the Windows
operating systems.
- We are required to make design changes in the Windows user interface so
that access to certain Microsoft features can be removed to give prominence
to competitor products instead.
- We have identified nearly 300 internal Windows interfaces and have
disclosed these (at no charge) to competitors and others in the industry so
that they can use these to interoperate with Windows.
- We have made available for license the protocols that the Windows desktop
operating system uses to communicate with our Windows server operating
system. Competing server software vendors can acquire up to 113 protocols
under this program.
Last week, in response to the judge's directive, Microsoft's Board of
Directors created a Compliance Committee that will be chaired by Dr. James
Cash of Harvard Business School, an outside member of our board. The
Committee has two other members - Ann McLaughlin Korologos, a former U.S.
Secretary of Labor, and Raymond Gilmartin, CEO of Merck. We also are in the
process of appointing members to a Technical Committee with the Department
of Justice. We have an Internal Compliance Officer. And we have rigorous and
ongoing oversight from the federal government, the States and the Court.
A New Kind of Industry Leader
As CEO, I can personally assure you that Microsoft will commit all the time,
energy and resources necessary to follow through on our responsibilities.
But many people ask me: What have you learned from all this?
The answer is that we have learned a great deal from our experiences of
these past few years, in particular about our responsibilities as an
industry leader. During the antitrust lawsuit, not everyone in our industry
raced to support us. As we listened to our supporters - and our critics - we
learned that we needed to take a different perspective on being a good
industry leader.
Frankly, part of the problem was that, even five years ago, we still tended
to think of ourselves as the small startup company that we were not so long
ago. Today we recognize that our decisions have an impact on many other
technology companies. We have an important leadership role to play in our
industry, and we must play by new rules - both legally and as determined by
industry trends.
For example, we recognize that we need to support industry cooperation in
new and creative ways, as we're doing in the development of standards based
on eXtensible Markup Language, or XML. The entire industry has embraced XML
as the universal way for computers to talk to each other in a much richer
way across the World Wide Web. Today companies like Microsoft and IBM
collaborate on enhancing XML-based standards while at the same time
competing to make innovative, easy-to-use software that helps customers take
advantage of the power of XML.
Another example of our dedication to doing a better job of industry
partnership is our recent work with IBM, VeriSign and other companies in
developing security solutions based on industry standards, enhancing
security for the entire technology industry and its customers.
Besides working better within our own industry, we are reaching out to
cooperate even more with national and local governments, and international
organizations. In fact, I think we are on the verge of a new era of
partnership with government - not just for our company, but for the broader
industry.
For example, we're actively cooperating with governments at all levels to
fight identity theft, cyber-crime and attacks on the Internet, such as the
concerted attacks on DNS servers last month. With more and more critical
business transactions taking place on the Internet, hacking is becoming a
big-time crime - and security is fundamentally about fighting a community of
criminals who are looking to steal people's identities, break into banks or
disrupt the Internet. Working together, industry and government can restore
the integrity of the Internet and help make it more secure.
A New Microsoft
Microsoft has changed enormously since it started 27 years ago. When I
joined in 1980, we had about 30 employees, and we never dreamed, in our
wildest imaginations, that we would eventually employ over 50,000 people in
more than 70 countries. I certainly never imagined that I would someday be
CEO of such a large and complex enterprise. When I assumed that role almost
three years ago, the goal was very clear - I would be responsible for
overall management of the company and business strategy, and Bill would
focus on working with the product groups and developing our long-term
technological vision.
I spend a lot of time thinking about the difference between a good company
and a truly great company. I definitely think that Microsoft is a very good
company - and I want to make Microsoft a truly great company that is
respected and successful over the next 50 years. That's why I spend so much
of my time and energy working on the foundation of the company - our people,
our values, how we work across different groups within the company, how we
work with the industry and with government. If we get those things right,
then we've built the foundation for a truly great company.
When we started, our goal was to put a PC in every home and on every desk.
Today, we have a new mission - to make great software that helps people and
businesses realize their potential. In many ways, this new mission is simply
an extension of the vision that has driven us from the beginning. We see an
opportunity for our technology to go from running PCs to connecting people
to all the information they need - at home, at work and in the classroom.
This broader mission is reflected in our internal organization. We have
built a new series of leadership teams for each of our business segments. We
remain unified around a shared platform and a shared vision for improving
people's lives. But we have also built teams with a great deal of
accountability and independence to strive to be the best in new, emerging
areas of technology.
Along with this new management approach, we have affirmed a set of basic
values that are now part of every employee's performance review. It starts
with integrity and honesty. We're committed to being upfront about what we
are doing and who it affects, open in communicating about every aspect of
our business, and sensitive to the new issues of corporate governance that
have become increasingly important to market confidence.
One of the hallmarks of Microsoft is that we dream big. That is why we're
investing record sums in the future - US$5 billion for R&D this year alone.
We're passionate in our belief that technology can change the world and
improve people's lives. We don't always succeed, but if one of our products
falls short, we don't sugarcoat the problems. We are accountable for our
actions, and we always dig in and make it better.
We are renewing our commitment to improve our communications with partners
and customers. We are dedicated to being a responsible leader in our
industry. And we are passionate about bringing the benefits of digital
technology to every community in the world. Everything we do supports our
mission of becoming a global technology provider that makes great software
to help people realize their potential - whether that's on the PC, the
Internet, or a gaming or handheld device.
As a company, we have changed and grown over the past few years. We are
committed to being a great partner and a responsible industry leader, and,
above all, we remain unceasingly optimistic about the future.
Thanks again for your interest.
Steve Ballmer
For news on the antitrust settlement or to read the ruling, please go to
http://www.microsoft.com/presspass/legalnews.asp.
For background on Microsoft's compliance with the settlement, please go to
http://www.microsoft.com/legal/settlementprogram/.
For information about Microsoft's partnership programs, please go to
http://members.microsoft.com/partner/default.aspx.
For more on Microsoft's efforts to enhance the security of information
technology, please go to
http://www.microsoft.com/security/.
For more about Microsoft's mission and values, please go to
http://www.microsoft.com/mscorp/articles/mission_values.asp.
For information about Microsoft's privacy policies, please go to:
http://www.microsoft.com/info/privacy.htm.
From: Steve Ballmer
Sent: Wednesday, October 2, 2002 5:18 PM
Subject: Connecting with Customers
Oct. 2, 2002
A couple of months ago, after you received an email from Bill Gates about
Microsoft's efforts toward Trustworthy Computing, you subscribed to receive
future mails from Bill and me, and sometimes from other Microsoft
executives, on important technology and public-policy issues. We really
appreciate your interest.
I spend a lot of my time thinking about how Microsoft can do a better job of
serving its customers. I'm convinced that we need to do more to establish
and maintain broad connections with the millions of people who use our
products and services around the world. We need to more thoroughly
understand their needs, how they use technology, what they like about it,
and what they don't. I'd like to share with you some of what we've recently
begun to do and are planning for in the future to better connect with our
customers.
Software and Snack Food
In my career, I've worked at only one other place besides Microsoft. I
marketed brownie mix and blueberry muffin mix for one of the largest
consumer products companies. I'm glad I decided to join Microsoft 22 years
ago, when it was a little software startup, but I have great admiration for
successful consumer businesses, and I believe Microsoft can learn from them.
Behind the leading brands are companies that really know their customers.
These firms devote a great deal of time and energy to gaining an intimate
understanding of consumers, their reactions to every aspect of products, and
how those products fit into their lives. Even so, not every new grocery or
drug-store item succeeds. But by using the huge volume of data that feeds
back from the daily purchase decisions of millions of consumers, marketers
manage over time to figure out what consumers want in cake mix, soft drinks,
shampoo, and so on. And these same products often go on satisfying consumers
for decades.
Satisfying customers is what it's all about with technology products, too.
And customers expect the same high quality and reliability in computing
devices and software as they do in consumer products. But meeting their
expectations is much harder, and not just because information technology is
more complex and interdependent. The challenge has more to do with the
flexibility of technology and its continual, rapid advance. To take
advantage of this and expand what people can do with hardware and software,
computer products must constantly evolve. As a result, products are seldom
around long enough in one form to be fully time-tested, let alone perfected.
And customers continually come up with new uses for their technology, new
combinations and configurations that further complicate technology
companies' efforts to ensure a satisfying experience, free of hiccups and
glitches.
If technology products are to approach the satisfying consistency of
consumer staples - and clearly they should - then we in the industry need a
more detailed knowledge of customers' experiences with our products. We must
do a better job of connecting with customers. For a company such as
Microsoft, with many millions of customers around the world, the connections
must be very broad. While we are working to deepen our relationships with
enterprise and other business customers, we also need to make innumerable,
daily connections with the very wide array of people who use our products -
consumers, information workers, software developers and information
technology professionals.
In the past year, we specifically identified some near-term objectives on
the road to further product improvements and greater customer satisfaction.
Among them:
- Obtain much more feedback from our customers about their experience;
- Offer customers easier, more consistent ways to update their products;
- Provide customers with more effective, readily available support and
service.
We have a long way to go, but we're excited about the results so far from
some of our recent efforts. I'd like to share just one great example, and
then I'll tell you how you can learn more about what we're doing along these
lines.
A New Pipeline for Customer Feedback
Let's acknowledge a sad truth about software: any code of significant scope
and power will have bugs in it. Even a relatively simple software product
today has millions of lines of code that provide many places for bugs to
hide. That's why our customers still encounter bugs despite the rigorous and
extensive stress testing and beta testing we do. With Windows 2000 and
Windows XP, we dramatically improved the stability and reliability of our
platform, and we eliminated many flaws, but we did not find all the bugs in
these or other products. Nor did we find all the software conflicts that can
cause applications to freeze up or otherwise fail to perform as expected.
The process of finding and fixing software problems has been hindered by a
lack of reliable data on the precise nature of the problems customers
encounter in the real world. Freeze-ups and crashes can be incredibly
irritating, but rarely do customers contact technical support about them;
instead, they close the program. Even when customers do call support and we
resolve a problem, we often do not glean enough detail to trace its cause or
prevent it from recurring.
To give us better feedback, a small team in our Office group built a system
that helps us gather real-world data about the causes of customers' problems
- in particular, about crashes. This system is now built into Office,
Windows, and most of our other major products, including our forthcoming
Windows .NET Servers. It enables customers to send us an error report, if
they choose, whenever anything goes wrong.
There are risks in offering this option to have software "phone home" like
E.T. One risk is that error reporting could compound a customer's irritation
over the error itself. We therefore worked hard to make reporting simple and
quick. We developed a special format, called a "minidump," to minimize the
size of the report so that it can be transferred in a few seconds with a
single mouse click.
Also, customers may wonder what we do with their reports and whether their
privacy is protected. We use advanced security technologies to help protect
these error reports, which are gathered on a cluster of dedicated Microsoft
servers and are used for no other purpose than to find and fix bugs.
Engineers look at stack details, some system information, a list of loaded
modules, the type of exception, and global and local variables.
We've been amazed by the patterns revealed in the error reports that
customers are sending us. The reports identify bugs not only in our own
software, but in Windows-based applications from independent hardware and
software vendors as well. One really exciting thing we learned is how, among
all the software bugs involved in reports, a relatively small proportion
causes most of the errors. About 20 percent of the bugs cause 80 percent of
all errors, and - this is stunning to me - one percent of bugs cause half of
all errors.
With this immensely valuable feedback from our customers, we're now able to
prioritize debugging work on our products to achieve the biggest improvement
in customers' experience. And as the work proceeds based on this new source
of systematic data, the improvement will be dramatic. Already, in Windows XP
Service Pack 1, error reporting enabled us to address 29 percent of errors
involving the operating system and applications running on it, including a
large number of third-party applications. Error reporting helped us to
eliminate more than half of all Office XP errors with Office XP Service Pack
2.
Work continues to find and fix remaining bugs in these and other existing
products, but error reporting is now also helping us to resolve more
problems before new products are released. Visual Studio .NET, released last
February, was one of our first products to benefit from the use of
error-reporting data throughout its beta testing. Error reporting enabled us
to log and fix 74 percent of all crashes reported in the first beta version.
Many other problems were caught and eliminated in subsequent testing rounds.
And we're not keeping this great tool to ourselves. We're working with
independent hardware and software vendors to help them use our
error-reporting data to improve their products, too. Some 450 companies have
accessed our database of error reports related to their drivers, utilities
and applications. Marked decreases in some types of errors have followed.
Those involving third-party firewall software, for example, have dropped 67
percent since the first of the year. Also, we've created software that
enables corporations to redirect error reports to their own servers, so that
administrators can find and resolve the problems that are having the most
impact on their systems.
This Is Just the Beginning
We're working to make error reporting a much more supple tool that provides
helpful information to customers while enabling us to improve their
experience in new ways. As we understand more errors, we're adding an option
for customers to go to a website where they can learn more about and even
fix the errors they report. In the future we want to enable customers to
look up the history of their error reports and our efforts to resolve them.
And we're trying to create easy ways for customers to send us more nuanced
feedback about their experience with our products - not only about crashes,
but also about features that don't work the way or as easily as people would
like.
Microsoft Error Reporting is just one of the ways in which we're trying to
create broader customer connections. Another is through our software update
and management services, which make it easy for customers to keep their
software current. We're also making significant changes in our product
service and support to enhance their value, and to speed the resolution of
customer problems. Soon we will commit to a new policy that will give
customers greater clarity and confidence about our support for products
through their lifecycles.
There's much more I would like to share with you about these and other
initiatives on behalf of customers, but I wanted to be (relatively) brief.
If you would like to know more, you'll find information and links to help
you drill down even further here (www.microsoft.com/mscorp/execmail/2002/10-02customers2.asp).
Ultimately, we're trying to change how software developers do their jobs on
a daily basis. We're working to establish more of a direct, interactive
connection between developers and customers, leading to better software and
happier customers. To get there, we intend to listen even more closely to
our customers, consult with them regularly, and be more responsive. This is
the message I am sending to all of Microsoft's employees, and it is my
commitment to you.
Thanks for taking the time to read this.
Steve Ballmer
For information about Microsoft's privacy policies, please go to:
http://www.microsoft.com/info/privacy.htm.
From: Bill Gates
Sent: Friday, July 19, 2002 6:47 AM
Subject: Trustworthy computing
As I've talked with customers over the last year - from individual consumers
to big enterprise customers - it's clear that everyone recognizes that
computers play an increasingly important and useful role in our lives. At
the same time, many of the people I talk to are concerned about the security
of the technologies they depend on. They are concerned about whether their
personal data is being protected. Although they know that computers can do
amazing things, they are frustrated that their technology doesn't always
work consistently. And they want assurances that the high-tech industry
takes these concerns seriously and is working to improve their computing
experience.
Six months ago, I sent a call-to-action to Microsoft's 50,000 employees,
outlining what I believe is the highest priority for the company and for our
industry over the next decade: building a Trustworthy Computing environment
for customers that is as reliable as the electricity that powers our homes
and businesses today.
This is an important part of the evolution of the Internet, because without
a Trustworthy Computing ecosystem, the full promise of technology to help
people and businesses realize their potential will not be fulfilled.
Ironically, it is the growth of the Internet and the advent of massive
computing systems built from loose affiliations of services, machines,
communications networks and application software that have helped create the
potential for increased vulnerabilities.
There are already solutions that eliminate weak links such as passwords and
fake email. At Microsoft we're combining passwords with "smart cards" to
authenticate users. We're also working with others throughout the industry
to improve Internet protocols to stop email that could propagate misleading
information or malicious code that falsely appears to be from trusted
senders. And we are making fundamental changes in the way we develop
software, in our operational and business practices, and in our customer
support efforts to make the computing experiences we provide more
trustworthy.
For example, we've historically made our software and services more
compelling for users primarily by adding new features and functionality.
While we are continuing to invest significantly in delivering new
capabilities that customers ask for, we are now making security improvements
an even higher priority than adding features. For example, we made changes
to Microsoft Outlook to block email attachments associated with unsafe
files, prevent access to a user's address book, and give administrators the
ability to manage email security settings for their organization. As a
result of these changes, the number of email virus incidents has dropped
dramatically. In fact, email viruses like the recent "Frethem" virus
propagate only to systems that have not been updated - underscoring the
importance of updating them regularly.
We are also undertaking a rigorous and exhaustive review of many Microsoft
products to minimize other potential security vulnerabilities. Earlier this
year, the development work of more than 8,500 Microsoft engineers was put on
hold while we conducted an intensive security analysis of millions of lines
of Windows source code. Every Windows engineer and several thousand
engineers in other parts of the company were also given special training in
writing secure software. We estimated that the stand-down would take 30
days. It took nearly twice that long, and cost Microsoft more than $100
million. We've undertaken similar code reviews and security training for
Microsoft Office and Visual Studio .NET, and will be doing so for other
products as well.
THE TRUSTWORTHY COMPUTING FRAMEWORK
Trustworthy Computing has four pillars: reliability, security, privacy and
business integrity. "Reliability" means that a computer system is
dependable, is available when needed, and performs as expected and at
appropriate levels. "Security" means that a system is resilient to attack,
and that the confidentiality, integrity and availability of both the system
and its data are protected. "Privacy" means that individuals have the
ability to control data about themselves and that those using such data
faithfully adhere to fair information principles. "Business Integrity" is
about companies in our industry being responsible to customers and helping
them find appropriate solutions for their business issues, addressing
problems with products or services, and being open in interactions with
customers.
Creating a Trustworthy Computing environment requires several steps:
- Making software code more secure and reliable. Our developers have tools
and methodologies that will make an order-of-magnitude improvement in their
work from the standpoint of security and safety.
- Keeping ahead of security exploits. Distributing updates using the
Internet so that all systems are up to date. Windows Update and Software
Update Services, discussed below, provide the infrastructure for this.
- Early Recovery. In case of a problem, having the capability to restore and
get systems back up and running in exactly the same state they were in
before an incident, with minimal intervention.
FIRST STEPS TOWARD MORE TRUSTWORTHY COMPUTING
There is still much work that Microsoft and others in our industry must do
to make computing more trustworthy. Here is a summary of some of the
progress we've made, six months after my email to Microsoft employees:
- We have changed the way we design and develop software at all phases of
the product development cycle. Our new processes should greatly minimize
errors in software, and speed up the development process for new products
and services.
- Software Update Services (SUS) is a security management tool for business
customers that enables IT administrators to quickly and reliably deploy
critical updates from inside their corporate firewall to Windows 2000-based
servers and desktop computers running Windows 2000 Professional and Windows
XP Professional.
- Microsoft Baseline Security Analyzer is a new tool that customers can use
to analyze Windows 2000 and Windows XP systems for common security
misconfigurations, and to scan for missing security hot fixes and
vulnerabilities on a variety of products, including newer versions of
Internet Information Server, SQL Server and Office.
- In addition to providing customers with tools and resources to help them
maximize the security of Windows 2000 Server environments, we are committed
to shipping Windows .NET Server 2003 as "secure by default." We believe it's
critical to provide customers with a foundation that has been configured to
maximize security right out of the box, while continuing to provide
customers with a rich set of integrated features and capabilities.
- The error-reporting features built into Office XP and Windows XP are
giving us an enormous amount of feedback and a much clearer view of the
kinds of problems customers have, and how we can raise the level of
reliability in those products - and that of products made by other
companies. As part of this effort, we recently created a secure website
where software and hardware vendors can view error reports related to their
drivers, utilities and applications that are reported through our system.
This enables the vendors who work with us to identify recurring problems and
address them far more quickly than in the past. All of our server software
products will incorporate these error-reporting features in subsequent
versions of the products.
- With Microsoft Windows Update, we are completing the customer-feedback
loop based on the error-reporting features mentioned above. This globally
available Web service delivers more than 300 million downloads per month of
the most current versions of product fixes, updates and enhancements. When
customers connect to the site, they can choose to have their computer
automatically evaluated to check which updates need to be applied in order
to keep their system up-to-date, as well as identify any critical updates to
keep their system safe and secure.
- We are working on a new hardware/software architecture for the Windows PC
platform, code-named "Palladium," which will significantly enhance users'
system integrity, privacy and data security. This new technology, which will
be included in a future version of Windows, will enable applications and
application components to run in a protected memory space that is highly
resistant to tampering and interference. This will greatly reduce the risk
of viruses, other attacks, or attempts to acquire personal information or
digital property with malicious or illegal intent. Our goal is for the
Palladium development process to be a collaborative industry initiative.
- We've incorporated what is known as P3P (Platform for Privacy Preferences)
technology in the Internet Explorer browser technology in Windows XP, which
enhances a user's ability to set privacy levels to suit his or her needs.
The P3P standard enables a user's browser to compare any P3P-compliant
website's privacy practices to that user's privacy settings, and to decide
whether to accept cookies from that site.
Identifying and addressing critical Trustworthy Computing issues will
require significant collaboration across our industry. One example of the
kind of cross-industry effort we need more of is the recent creation of the
Web Services Interoperability (WS-I) Organization (http://www.ws-i.org/).
Founded by IBM, Microsoft and other industry leaders including Intel,
Oracle, SAP, Hewlett-Packard, BEA Systems and Accenture, WS-I's mission is
to enable consistent and reliable interoperability of XML-based Web services
across a variety of platforms, applications and programming languages. Among
other things, WS-I will create a suite of test tools aimed at addressing
errors and unconventional usage in Web services specifications
implementations, which in turn will improve interoperability among
applications and across platforms.
WHAT YOU CAN DO
Given the complexity of the computing ecosystem, and the dynamic nature of
the technology industry, Trustworthy Computing really is a journey rather
than a destination. Microsoft is fully committed to this path, but it is not
something we can do alone. It requires the leadership of many others in our
industry and a commitment by customers to establish and maintain a secure
and reliable computing environment. For customers, the most important first
step is understanding what it will take to make their computers and networks
more reliable and safe. Below are some suggestions on what individuals and
businesses can do to create a more Trustworthy Computing environment for
themselves and others.
- Give us feedback by using the error-reporting features built into Office
XP and Windows XP.
- Use Microsoft Windows Update (http://www.windowsupdate.com/)
to ensure that you have the most up-to-date and accurate versions of product
updates, enhancements and fixes.
- Business customers can take advantage of Software Update Services to
download critical updates from Windows Update. (http://www.microsoft.com/windows2000/windowsupdate/sus/)
- Use Microsoft Baseline Security Analyzer to analyze Windows XP and Windows
2000 for common security misconfigurations. (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/Tools/MBSAhome.asp)
- Enterprise Systems Integrators can take advantage of the Systems
Integrator Source Licensing Program (http://www.microsoft.com/licensing/sharedsource/).
- Hardware, software or systems vendors can sign up for Microsoft's Windows
Logo Program at
http://www.microsoft.com/winlogo/ to ensure a high-quality user
experience.
- Find more information about computing security at
http://www.microsoft.com/security/.
- Our White Paper on Trustworthy Computing is at
http://www.microsoft.com/PressPass/exec/craig/05-01trustworthywp.asp.
- If you don't already have Internet Explorer 6.0, download it for free at
http://www.microsoft.com/windows/ie/evaluation/overview/ to take
advantage of its increased reliability and security and privacy features.
We are doing everything we can at Microsoft to make software as trustworthy
as possible. By building awareness, through collaborative work and with a
long-term commitment, I am confident we can and will create a truly
Trustworthy Computing environment.
Bill Gates
From: Bill Gates
Sent: Tuesday, January 15, 2002 5:22 PM
To: Microsoft and Subsidiaries: All FTE
Subject: Trustworthy computing
Every few years I have sent out a memo talking about the highest priority
for Microsoft. Two years ago, it was the kickoff of our .NET strategy.
Before that, it was several memos about the importance of the Internet to
our future and the ways we could make the Internet truly useful for people.
Over the last year it has become clear that ensuring .NET is a platform for
Trustworthy Computing is more important than any other part of our work. If
we don't do this, people simply won't be willing - or able - to take
advantage of all the other great work we do. Trustworthy Computing is the
highest priority for all the work we are doing. We must lead the industry to
a whole new level of Trustworthiness in computing.
When we started work on Microsoft .NET more than two years ago, we set a new
direction for the company - and articulated a new way to think about our
software. Rather than developing standalone applications and websites,
today we're moving towards smart clients with rich user interfaces
interacting with Web services. We're driving the XML Web services standards
so that systems from all vendors can share information, while working to
make Windows the best client and server for this new era.
There is a lot of excitement about what this architecture makes possible. It
allows the dreams about e-business that have been hyped over the last few
years to become a reality. It enables people to collaborate in new ways,
including how they read, communicate, share annotations, analyze information
and meet.
However, even more important than any of these new capabilities is the fact
that it is designed from the ground up to deliver Trustworthy Computing.
What I mean by this is that customers will always be able to rely on these
systems to be available and to secure their information. Trustworthy
Computing is computing that is as available, reliable and secure as
electricity, water services and telephony.
Today, in the developed world, we do not worry about electricity and water
services being available. With telephony, we rely both on its availability
and its security for conducting highly confidential business transactions
without worrying that information about who we call or what we say will be
compromised. Computing falls well short of this, ranging from the individual
user who isn't willing to add a new application because it might destabilize
their system, to a corporation that moves slowly to embrace e-business
because today's platforms don't make the grade.
The events of last year - from September's terrorist attacks to a number of
malicious and highly publicized computer viruses - reminded every one of us
how important it is to ensure the integrity and security of our critical
infrastructure, whether it's the airlines or computer systems.
Computing is already an important part of many people's lives. Within ten
years, it will be an integral and indispensable part of almost everything we
do. Microsoft and the computer industry will only succeed in that world if
CIOs, consumers and everyone else sees that Microsoft has created a platform
for Trustworthy Computing.
Every week there are reports of newly discovered security problems in all
kinds of software, from individual applications and services to Windows,
Linux, Unix and other platforms. We have done a great job of having teams
work around the clock to deliver security fixes for any problems that arise.
Our responsiveness has been unmatched - but as an industry leader we can and
must do better. Our new design approaches need to dramatically reduce the
number of such issues that come up in the software that Microsoft, its
partners and its customers create. We need to make it automatic for
customers to get the benefits of these fixes. Eventually, our software
should be so fundamentally secure that customers never even worry about it.
No Trustworthy Computing platform exists today. It is only in the context of
the basic redesign we have done around .NET that we can achieve this. The
key design decisions we made around .NET include the advances we need to
deliver on this vision. Visual Studio .NET is the first multi-language tool
that is optimized for the creation of secure code, so it is a key foundation
element.
I've spent the past few months working with Craig Mundie's group and others
across the company to define what achieving Trustworthy Computing will
entail, and to focus our efforts on building trust into every one of our
products and services. Key aspects include:
Availability: Our products should always be available when
our customers need them. System outages should become a thing of the past
because of a software architecture that supports redundancy and automatic
recovery. Self-management should allow for service resumption without user
intervention in almost every case.
Security: The data our software and services store on behalf
of our customers should be protected from harm and used or modified only in
appropriate ways. Security models should be easy for developers to
understand and build into their applications.
Privacy: Users should be in control of how their data is
used. Policies for information use should be clear to the user. Users should
be in control of when and if they receive information to make best use of
their time. It should be easy for users to specify appropriate use of their
information including controlling the use of email they send.
Trustworthiness is a much broader concept than security, and
winning our customers' trust involves more than just fixing bugs and
achieving "five-nines" availability. It's a fundamental challenge that spans
the entire computing ecosystem, from individual chips all the way to global
Internet services. It's about smart software, services and industry-wide
cooperation.
There are many changes Microsoft needs to make as a company
to ensure and keep our customers' trust at every level - from the way we
develop software, to our support efforts, to our operational and business
practices. As software has become ever more complex, interdependent and
interconnected, our reputation as a company has in turn become more
vulnerable. Flaws in a single Microsoft product, service or policy not only
affect the quality of our platform and services overall, but also our
customers' view of us as a company.
In recent months, we've stepped up programs and services that help us create
better software and increase security for our customers. Last fall, we
launched the Strategic Technology Protection Program, making software like
IIS and Windows .NET Server secure by default, and educating our customers
on how to get - and stay - secure. The error-reporting features built into
Office XP and Windows XP are giving us a clear view of how to raise the
level of reliability. The Office team is focused on training and processes
that will anticipate and prevent security problems. In December, the Visual
Studio .NET team conducted a comprehensive review of every aspect of their
product for potential security issues. We will be conducting similarly
intensive reviews in the Windows division and throughout the company in the
coming months.
At the same time, we're in the process of training all our developers in the
latest secure coding techniques. We've also published books like "Writing
Secure Code," by Michael Howard and David LeBlanc, which gives all
developers the tools they need to build secure software from the ground up.
In addition, we must have even more highly trained sales, service and
support people, along with offerings such as security assessments and broad
security solutions. I encourage everyone at Microsoft to look at what we've
done so far and think about how they can contribute.
But we need to go much further.
In the past, we've made our software and services more compelling for users
by adding new features and functionality, and by making our platform richly
extensible. We've done a terrific job at that, but all those great features
won't matter unless customers trust our software. So now, when we face a
choice between adding features and resolving security issues, we need to
choose security. Our products should emphasize security right out of the
box, and we must constantly refine and improve that security as threats
evolve. A good example of this is the changes we made in Outlook to avoid
email-borne viruses. If we discover a risk that a feature could compromise
someone's privacy, that problem gets solved first. If there is any way we
can better protect important data and minimize downtime, we should focus on
this. These principles should apply at every stage of the development cycle
of every kind of software we create, from operating systems and desktop
applications to global Web services.
Going forward, we must develop technologies and policies that help
businesses better manage ever larger networks of PCs, servers and other
intelligent devices, knowing that their critical business systems are safe
from harm. Systems will have to become self-managing and inherently
resilient. We need to prepare now for the kind of software that will make
this happen, and we must be the kind of company that people can rely on to
deliver it.
This priority touches on all the software work we do. By delivering on
Trustworthy Computing, customers will get dramatically more value out of our
advances than they have in the past. The challenge here is one that
Microsoft is uniquely suited to solve.
More discussion of our vision for Trustworthy Computing is in the internal
white paper at \\itgweb3\news\TrustComp.doc
Bill