Microsoft's Trustworthy Computing security initiative has a long
way to go. That was the verdict of Craig Mundie, the company's
chief technical officer, in a presentation this week at Microsoft's
Silicon Valley campus.
Mundie was speaking 12 months after he first unveiled the
systematic initiative to improve the security and reliability of
Microsoft products.
Hackers and security holes are getting ever more sophisticated,
networks are becoming always on and more pervasive, he said.
The root of the problem, according to Mundie, is that both business
users and consumers are stuck in Microsoft's past, running
operating systems that date back to the early days of the
Internet.
Mundie referred to data from research group IDC showing that most
Microsoft customers had yet to adopt its more recent and more
secure operating systems, Windows 2000 and Windows XP.
"We're dragging around behind us a giant tail of systems that were
built and deployed a long time ago," Mundie said.
"In practice, it's impossible for us to remedy the threats that are
possible in systems that were built in 1991, deployed in 1995 and
still in use today."
Mundie repeated the same advice that he offered during his speech
last year - upgrade, upgrade and upgrade.
The software giant hopes to drive users towards that with the
controversial Software Assurance business licensing scheme, which
was introduced earlier this year.
The scheme requires companies to pay licensing fees every year in
order to receive all the latest software and security updates.
Microsoft has also pushed its Windows Update technology on
consumers and businesses. The technology allows Microsoft to deploy
security patches and feature updates automatically to customers as
they become available.
Besides keeping customers updated with software and security fixes,
the company is trying to phase out its less secure past. Microsoft
recently signalled that it would no longer support older operating
systems if it could not ensure that applications would run securely
on them.
In late October, Microsoft announced that the next version of its
Office productivity suite, Office 11, would only support computers
running Windows XP or Windows 2000 with the most recent service
pack installed.
"Even if it means that we're going to break some of your
applications, it's going to make things more secure," Mundie
said.
Underpinning the security drive is a fear is that the steady stream
of security breaches could make users lose faith in IT.
"The concern that has emerged is, will this stop consumer adoption,
or make it not happen at the rate we think it will happen?" Mundie
said. "If people don't trust these computer systems or don't trust
Microsoft, then they won't buy it."
The realisation that security fears could inhibit the wider
adoption of IT was, said Mundie, "a really significant event for
our company".