"While we've accomplished a lot in the past year, there is still more to do - at Microsoft and across our industry," Gates said in an e-mail sent to a mailing list which is part of a Microsoft marketing effort called Executive E-mail. ( www.microsoft.com/mscorp/execmail)
The e-mail came a year after Gates announced the Trustworthy Computing initiative, a Microsoft-wide focus on securing its products. As part of that initiative, Microsoft halted the development work of thousands of software engineers for 10 weeks to train them to look at software like hackers. This resulted in the discovery of many security bugs
In the past year, Microsoft has created new product design methodologies, coding practices, test procedures, incident handling and support processes to improve the security of its products. Microsoft spent some $200m on improving Windows security alone.
"A secure computing platform has never been more important. Along with the vast benefits of increased connectivity, new security risks have emerged on a scale that few in our industry fully anticipated," Gates wrote.
He cited data from the Computer Security Institute and the FBI that cyberattacks caused an estimated $455m in damage in the US in 2001.
This year, Microsoft will release several products that have gone through its new security review process. Windows Server 2003 is now due in April, after several delays. New versions of the SQL Server database, Exchange Server messaging software and Office productivity software are also planned.
When the products become available, users will notice that many features potentially posing a security risk will be disabled by default. In the past, a feature was typically enabled by default if Microsoft thought there was any possibility that a customer might want to use it, Gates wrote.
In the future, marrying software and hardware security on a PC will help eliminate "weak links" in computer systems, Gates said, referring to Microsoft's Palladium project.
Gates also promoted the use of smartcards. Microsoft employees who want to access their company's systems remotely have to use one.
"In the Digital Decade we're now embarking on, billions of intelligent devices will be connected to the Internet," Gates wrote. "This fundamental change will bring great opportunities as well as new, constantly evolving security challenges."
Gates said there were three things users could do to help make computing more secure: stay up to date on patches; use anti-virus software and keep it up to date with the latest signatures, and use firewalls.