Microsoft Vows Security Commitment on Win 2000

Microsoft Corp. is pledging a firm commitment to security with measures such as equipping its upcoming Windows 2000 operating system with 128-bit encryption and interacting with users and rival vendors to detect software breaches and bugs, a high-ranking company official said in a keynote speech at the RSA Conference 2000 show here today.

User privacy also is a paramount concern, said the official, Brian Valentine, who is senior vice president of Microsoft's Windows 2000 product group.

"The reason I'm here today is to do an industry call-to-action," for developers, vendors and others to boost computer security, Valentine said in his opening remarks.

Included in Microsoft's plans are 24-hours-per-day, seven-days-a-week security hot lines, consultations, and collaboration with other vendors on security issues, Valentine said. Microsoft will re-launch its security response centers to provide the around-the-clock responses and will respond to issues within 24 hours, Valentine said.

"We can't just trust the end-user to solve these problems themselves," Valentine said.

Microsoft has made a comprehensive effort to build Windows 2000 with security in mind, including having a staff of 15 people study the code for breaches, denials of service, and bugs.

A preliminary version of the product also was put on the Internet to enable users to look for security breaches, Valentine said. Within two weeks, four denials of service bugs were found, but no breaches were discovered, he said.

"We put it completely naked on the Internet," Valentine said.

Source code also was delivered to 70 agencies and universities around the world for their perusal. Security efforts will be extended to other Microsoft products, such as the SQL Server database, said Valentine.

Additionally, Microsoft in the latter half of this year plans to hold a summit meeting with vendors, customers, and other interested parties to discuss privacy and security issues. Also part of Microsoft's efforts is its security advisory council.

A consumer privacy and security Web site will be set up, Valentine said.

Microsoft already has a Web site for these issues that is tailored to IT professionals, at http://www.microsoft.com/security.

"We believe as a company that if we don't deal with some of the privacy issues ... it will affect e-commerce to where people won't trust," what is on the Internet, Valentine said.

A conference attendee said that Microsoft officials were making all the right statements pertaining to security, but it remains to be seen whether the company can live up to its commitment.

"I don't think anybody has been satisfied," with the security of Microsoft products, said the attendee, a software project manager at a computer-related vendor who requested anonymity.

Microsoft's success in marketing its products to the masses has made it a favorite target of virus writers and hackers, the attendee said.

Microsoft Corp., in Redmond, Washington, is at http://www.microsoft.com/.

Join the newsletter!

Or
Error: Please check your email address.

More about Microsoft

Show Comments