Microsoft software 'more secure' says Microsoft

Microsoft has made significant progress in making its software more secure, and further improvements are on the way, according to Bill Gates who addressed these issues in a letter to customers.

Gates wrote: "Given human nature, evolving threat models and the increasing interconnectedness of computers, the number of security exploits will never reach zero. But we can dramatically blunt the impact of cybercriminals and are dedicating a major portion of our R&D investments to security advances."

Gates said the effectiveness of new security measures adopted as part of Microsoft's "trustworthy computing" initiative is borne out by numbers. The number of "critical" and "important" security bulletins issued in the first 320 days of availability for Windows Server 2003 was nine, he wrote, compared with 40 in the same period for Windows 2000 Server, the previous version of the server operating system. SQL 2000 generated three such bulletins in the 15 months after the release of Service Pack 3, a collection of bug fixes and updates, compared with 13 in the 15 months before the Service Pack release.

On the desktop, major security improvements will be made to Windows XP with the upcoming release of Service Pack 2, including default use of Windows' built-in firewall and memory management technology to limit exploitation of buffer overflows - a common avenue for virus attacks.

Microsoft has also improved the delivery of software patches with the new Windows Update Services and System Management Server 2003, a collection of tools designed to let information technology managers quickly test and deploy updates.

Areas Microsoft is researching, Gates wrote, include "active protection technologies" that would let computers respond more intelligently to potential threats. A laptop could automatically employ stronger security settings when connected to a home Internet connection than a corporate network, for example, or when software hasn't been updated for a long time.

Microsoft is also working on "client inspection" tools that would automatically examine remote PCs for viruses and worms before allowing them to connect to a corporate network, plus improved user authentication systems based on smart cards and biometrics.

David Becker writes for News.com