Microsoft promises heavy investment to tackle security threats

Microsoft is spending a third of its $6bn research and development budget on IT security.

Microsoft is spending a third of its $6bn research and development budget on IT security.

Chairman Bill Gates speaking at the RSA conference admitted that security concerns were harming the potential of the internet to provide new services to the public.

He said that Microsoft was investing heavily to tackle security issues, including revamping its Internet Explorer web browser, updating Windows 2003 with features to quarantine rogue PCs on corporate networks and a raft of development efforts to curb spyware and phishing.

The version of Explorer, due to be available as a beta release in the summer, will be the same as the one Microsoft plans to use in Longhorn, the next version of Windows due to be released in 2006.

The new browser would target phishing attacks, where people use URLs that appear to come from another location and offer technology to combat malware.

Other security improvements include the forthcoming service pack 1 release of Windows 2003, which is now available as a beta release from the Microsoft website.

One of the key features concerns securing the network against users who log in via a virtual private network connection, Gates said.

When a user login in over a VPN connection Windows 2003 SP1 can check the user’s machine and only provide very limited network access until the checks have been completed.

The company has invested heavily in developing automated checking tools for software, which can detect potential vulnerabilities as applications are being developed.

Microsoft is planning to incorporate these tools in the Visual Studio development suite and other packages, to allow Windows application developers to take advantage of them to create more secure code.

Microsoft has improved the way it issues patches, he said, simplifying the patching process for end users. This includes prioritising vulnerabilites so that the firm only issues patches for the most serious vulnerabilities.

Along with Explorer, Microsoft has developed software to detect and delete spyware on corporate computer systems, following concerns that the ubiquitous nature of spyware could damage productivity and slow down corporate networks.

At the heart of the project is a network created by Microsoft, dubbed Spynet to collate and analyse reports of spyware from Microsoft customers.

The network, which receives £500,000 postings a day, will allow Microsoft to identify new pieces of spyware and to develop countermeasures to them.

"We can make sure we can detect it where it is coming down. We call this real time protection. There are over 50 different places where spyware can come down," said Gates.

Read more on IT risk management