Gates Updates Customers On Microsoft's Security Push

In a letter e-mailed to Microsoft customers, Chairman Bill Gates cited the evolving nature of security threats to personal computers, which he said can be "hijacked" and turn "innocent users into unknowing and innocent worm propagators." (For the full text, see Microsoft's Web site).

Gates also reiterated Microsoft's pledge to invest in safeguarding the company's besieged offerings against attacks, as well as in customer education and partnerships.

In its ongoing quest for better security, Microsoft also plans to host a series of Security Summits in the United States starting April 4 in New York, a spokeswoman said. At the events, IT professionals and developers can meet with Microsoft technology experts, she said. On April 7, Microsoft CEO Steve Ballmer is slated to speak about security efforts at the Center for Strategic and International Studies in Washington, D.C.

In terms of Microsoft's offerings, Windows XP Service Pack 2 helps isolate computers from four types of attacks. Release Candidate 1 of that Service Pack update was available in mid-March. The final version of Service Pack 2 is expected in late spring or early summer, according to Gates.

As Microsoft has already stated, Service Pack 2 promises safer Web browsing, with a bulked-up Internet Explorer browser that will block unsolicited downloads. The Windows Firewall will ship turned on by default. The company also is beefing up Outlook Express and instant messaging to better handle file attachments and give users more control over content in Outlook Express that could identify the user's computer to nameless senders.

In addition, Microsoft has pledged to reduce buffer overruns in Windows XP that allow data to be copied into computer memory without users' knowledge or permission. The e-mail letter, too, listed improvements in Windows Server 2003, including security advances to ship with Service Pack 1 in the second half of 2004.

Though Microsoft software has been targeted by malicious attackers, the company said it must work with third parties to bolster overall PC security in an era of connected devices. It helped form the Virus Information Alliance with antivirus vendors and teamed with major ISPs on the Global Infrastructure Alliance For Internet Safety.

Many solution providers--including those with tight ties to Microsoft--said the Redmond, Wash., software giant already has made strides improving the security of its offerings. The company, for example, has unveiled a number of initiatives with much fanfare since launching its Trustworthy Computing effort more than two years ago.

The company has reiterated its pledges repeatedly since then. (See story.)

But, the perception remains that Windows and its ancillary applications are still too vulnerable to attack, and that remains a huge problem for Microsoft, solution providers said.