Microsoft: Only upgrades can deliver security

Microsoft's Trustworthy Computing security initiative has a long way to go. That was the verdict of Craig Mundie, the company's...

Microsoft's Trustworthy Computing security initiative has a long way to go. That was the verdict of Craig Mundie, the company's chief technical officer, in a presentation this week at Microsoft's Silicon Valley campus.

Mundie was speaking 12 months after he first unveiled the systematic initiative to improve the security and reliability of Microsoft products.

Hackers and security holes are getting ever more sophisticated, networks are becoming always on and more pervasive, he said.

The root of the problem, according to Mundie, is that both business users and consumers are stuck in Microsoft's past, running operating systems that date back to the early days of the Internet.

Mundie referred to data from research group IDC showing that most Microsoft customers had yet to adopt its more recent and more secure operating systems, Windows 2000 and Windows XP.

"We're dragging around behind us a giant tail of systems that were built and deployed a long time ago," Mundie said.

"In practice, it's impossible for us to remedy the threats that are possible in systems that were built in 1991, deployed in 1995 and still in use today."

Mundie repeated the same advice that he offered during his speech last year - upgrade, upgrade and upgrade.

The software giant hopes to drive users towards that with the controversial Software Assurance business licensing scheme, which was introduced earlier this year.

The scheme requires companies to pay licensing fees every year in order to receive all the latest software and security updates.

Microsoft has also pushed its Windows Update technology on consumers and businesses. The technology allows Microsoft to deploy security patches and feature updates automatically to customers as they become available.

Besides keeping customers updated with software and security fixes, the company is trying to phase out its less secure past. Microsoft recently signalled that it would no longer support older operating systems if it could not ensure that applications would run securely on them.

In late October, Microsoft announced that the next version of its Office productivity suite, Office 11, would only support computers running Windows XP or Windows 2000 with the most recent service pack installed.

"Even if it means that we're going to break some of your applications, it's going to make things more secure," Mundie said.

Underpinning the security drive is a fear is that the steady stream of security breaches could make users lose faith in IT.

"The concern that has emerged is, will this stop consumer adoption, or make it not happen at the rate we think it will happen?" Mundie said. "If people don't trust these computer systems or don't trust Microsoft, then they won't buy it."

The realisation that security fears could inhibit the wider adoption of IT was, said Mundie, "a really significant event for our company".

Read more on Microsoft Windows software