Gates pledges better software security
Saturday, January 25, 2003 Posted: 6:40 AM EST (1140 GMT)

Microsoft's Chairman Bill Gates: "Microsoft has a responsibility to help."

WASHINGTON (AP) -- Microsoft Chairman Bill Gates is pledging to continue 
improvements to security in his company's products, part of a high-stakes 
campaign to convince large customers that Windows software is safe.

"New security risks have emerged on a scale that few in our industry
fully  anticipated," Gates wrote in a 1,500-word e-mail distributed
late Thursday to  about 1 million people. He cited figures showing
corporate losses to hackers  and other types of electronic attacks exceeded
$455 million in 2001.

Gates acknowledged that the technology industry must make significant 
improvements, adding that, "Microsoft has a responsibility to help its
 customers address these concerns, so they no longer have to choose between
 security and usability."

Passwords easy to guess
As part of the effort, Gates promised that Microsoft will improve support
for  "smart cards," devices that can replace or augment
passwords. A single  computer user may need dozens of passwords for e-mail,
Web sites and  connecting to office systems. Most passwords are easy to
guess or difficult  to remember.

In his e-mail, Gates called passwords "the weak link."

Smart cards can help authenticate a person's identity when plugged into a 
computer slot or swiped through an attached reader device. Some cards
display  random numbers that an employee must type accurately before
they're given  approval to log on.

Gates said Microsoft now requires all its employees use smart cards to
access  the company's computers from home or while traveling.

He did not note that the smart-card policy went into effect after an 
embarrassing break-in by hackers to Microsoft's internal computer systems
in  October 2000. Investigators believe hackers remotely took control over
an  employee's unprotected home computer, then used it to breach
Microsoft's  corporate systems.

Gates did not mention in his e-mail improving support in Microsoft's
products  for fingerprint or retinal-scan technology. "Over time we
expect that most  businesses will go to smart card ID systems," he
wrote.

Long derided by experts
Microsoft's products, especially earlier versions of its Windows operating 
system and Internet server software, have been long derided by experts for 
problems that put consumers' information at risk from hackers and viruses.

As sensitive transactions -- from banking to medical filings _ increasingly
 take place online, there has been a new focus on such risks. The Bush 
administration also has raised concerns that terrorists or foreign 
governments could launch cyber-attacks against the private networks that 
operate U.S. water and power systems.

Last year, in response to rising concerns, Gates announced a
"trustworthy  computing" drive at Microsoft and shut down
software development for 10 weeks  of security training for employees.

Gates wrote in his e-mail that the training "taught program managers, 
architects and testers to think like attackers," and that it helped
identify  an unspecified number of vulnerabilities in Windows software.

Improving server security
Gates also pledged that an upcoming version of Microsoft's flagship server 
software, called Windows Server 2003, will have many advanced features
turned  off automatically to improve security. Such features, if used
improperly,  could make computers vulnerable.

Businesses use server software to operate their internal company networks
and  to publish Web sites.


--- LoraBBS-OS/2 v2.42B1+