Everyone has stake in cybersecurity, says Ballmer

Everyone, from computer users to software suppliers to government agencies, is responsible for cybersecurity, says Microsoft...

Everyone, from computer users to software suppliers to government agencies, is responsible for cybersecurity, says Microsoft chief executive officer Steve Ballmer.

Although Ballmer did not reveal new security initiatives, he outlined the steps Microsoft has taken since its chairman and chief software architect Bill Gates called for security to become a top priority for the company in January 2002.

Among the future steps Microsoft will take on security is a service pack, due out in a couple of months, for the Windows XP operating system that will have a firewall turned on by default. A similar update to Microsoft's server operating system will come later. Future versions of the Internet Explorer browser will block automatic pop-up ads and downloads without the user's permission.

Microsoft is also working on ways to block viruses and worms before computers execute their code. "The computer can look at [the code] and say, 'It doesn't smell right to me. I won't execute this without asking the user for permission'," Ballmer said of the behaviour-blocking initiative he called "active protection technology".

Ballmer called on government agencies to work with software suppliers on security research, to pass laws that target cybercriminals and to help raise public awareness about cybersecurity.

"As a global leader in software, our company ... and our products are often the prime target for cybercriminals," Ballmer said. "Yet, this is not really about any single technology or computing platform or company. It's bigger than any single company."

Earlier this week, Ballmer talked to Tom Ridge, secretary of the US Department of Homeland Security, about improving ways to anticipate cyberattacks.

"The kinds of attacks we've seen - that have these kinds of crazy names like Blaster and SoBig and MyDoom - once unimaginable, are crimes we need to both anticipate and act against," Ballmer said.

He also called on individual computer users to take responsibility by keeping up with software updates, using personal firewalls and keep their antivirus software up to date. Less than 30% of computer users update their antivirus software regularly.

Ballmer likened the security of the internet to maintaining roads, where car makers have a responsibility to make safe cars, and governments have a responsibility to maintain highways and drivers have a responsibly to drive and maintain safe vehicles.

The CEO also acknowledged Microsoft products as a major target of hackers, but he denied that more competition would aid security. "The truth is hackers will go after one or two or three [operating systems]," Ballmer said. "They will go after what's popular."

Ballmer called on IT vendors to work together to improve security. "Everyone in the IT industry is used to competing, but on cybersecurity, we know we have to come together and collaborate in very new ways," he said. "These are real threats, and the stakes for society and our economic future and national security are very high."

Grant Gross writes for IDG News Service

Read more on IT risk management