Gates e-mails security brain dump to customers

Microsoft Chairman and Chief Software Architect Bill Gates reached out to his company’s customers on Wednesday in an e-mail that detailed the company’s work to secure its software products.

Microsoft Chairman and Chief Software Architect Bill Gates reached out to his company’s customers on Wednesday in an e-mail that detailed the company’s work to secure its software products.

In the message, Gates called computer security “as big and important a challenge as any our industry has ever tackled,” and said Microsoft is making “significant progress on the security front.”

The mammoth, 3,500 word e-mail was sent to customers who subscribed to receive executive e-mail and was titled A Microsoft Progress Report: Security. In it, Gates presents a laundry list of security initiatives at the company.

Among the developments Gates cites as evidence of progress on the security front are features in the forthcoming Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, the company’s recent Caller-ID antispam architecture, better Windows support for strong authentication and public key infrastructure (PKI) technology, and improved software coding practices at Microsoft.

Microsoft is dedicating a “major portion” of its research and development investments to security, and is looking at various technologies to protect businesses and consumers and thwart outbreaks of viruses and worms, the report said.

For corporations, Gates said that Microsoft was researching technology to inspect remote devices such as home computers that try to connect to corporate networks, blocking access for machines that don’t pass a health inspection.

Microsoft is also developing active protection technologies that adjust computer defenses based on changes in its “state” or block behaviors that might be caused by infection from a virus or a malicious hacker, the report said.

Security features in the company’s Internet Security and Acceleration Server 2004 will also help protect software applications and strengthen VPN connections with better content inspection for network traffic and network security policy management features.

Gates also promised better education for computer users around the world. Beginning in April, the company will host 21 Security Summits in cities across the U.S. to train IT professionals and developers

For consumers, Microsoft is building a Security Center into the Windows XP Control Panel to consolidate information about security features. The company is also adding a new software update service, Microsoft Update, that will cover Microsoft products beyond Windows, and will work with Internet service providers and antivirus companies to educate computer users about proper PC “hygiene,” the report said.

Gates has often used e-mail messages to Microsoft employees to signal important shifts in Microsoft’s strategy. For example, his now famous “Trustworthy Computing” e-mail from January, 2002, set security as the top priority for the company.

Unlike those messages, in which Gates rallies his company’s employees around a single idea, the latest missive resembles a technology “white paper,” mostly rehashing recent security announcements and position statements, including news from the recent RSA Security Conference in San Francisco.