Gates promotes Microsoft's security efforts at RSA

Microsoft is "on the right track" in securing its software, the company's Chairman and Chief Software Architect Bill Gates said Tuesday in a presentation that included new details on a Windows XP update and the company's spam-fighting efforts.

During Gates' keynote presentation at the RSA Conference in San Francisco, a Microsoft product manager showed for the first time a new feature for Windows XP called Windows Security Center that will be part of Windows XP Service Pack 2 (SP2), a significant update to the operating system that is due out in the first half of this year.

The Windows Security Center will be a central place to check important security settings, for example for firewall and antivirus software. It will also offer suggestions to better protect a Windows XP system, said Zachary Gutt, a Microsoft product manager who joined Gates on stage to demonstrate the Windows XP SP2 features.

Gutt also demonstrated the improved Windows Firewall, previously called Internet Connection Firewall, which will be delivered with Windows XP SP2 and showed off the pop-up ad blocker for Internet Explorer. For enterprise users, he underscored the ease of central management of the firewall, including two profiles: one for when a PC is connected to a corporate network and one for when it is not.

"SP2 is a release that is totally focused on security and in fact today that is the primary focus on the Windows team," Gates said. "We think this will be a very important release and we will ask people to install broadly."

As expected, Gates also promoted Microsoft's plans to combat unsolicited commercial e-mail, or spam, which he called not only a nuisance, but also a security threat. The Redmond, Wash., company is proposing technical standards it calls Caller ID for e-mail to authenticate the sender of an e-mail message.

"Having e-mail come in and not being able to identify where it is coming from is a huge security hole," Gates said. "Authenticating e-mail is a very key initiative for us." Gates described Caller ID as a "very specific technical proposal" that he expects his company can act on by this summer if it gets sufficient backing.

Microsoft's Caller ID plan uses the Internet's DNS to verify the domain a message came from. The plan requires e-mail server administrators to make changes. E-mail messages will have to include the IP address of their mail server, while the receiver's system has to be able to verify the address.

Microsoft will test Caller ID on its Hotmail service. The Web-based e-mail service will begin publishing outbound IP addresses Tuesday and will start checking inbound addresses midyear, Microsoft said in a statement. The company plans to offer a royalty free license on the patents it has on Caller ID for e-mail features, Gates said.

Microsoft is also giving Exchange the ability run e-mail filtering and proofing away from the main e-mail server. The company will deliver what it calls Exchange Edge Services, an enhancement to the SMTP relay implementation in Exchange Server, according to a Microsoft statement Tuesday.

The IDG News Service is a Network World affiliate.