Gates boasts of security advances at Microsoft

Microsoft Chairman Bill Gates has said in an email that the software giant has taken great strides to secure its products, but acknowledged that the company still has far to go to achieve its goal of "Trustworthy Computing".

The email message to Microsoft's customers is the latest monthly missive sent by the company's executives as part of a customer-relations drive known as Executive Emails. Coming a year after Gates exhorted company employees to focus on security, privacy and reliability, the memo predictably focuses on the results of that initiative.

"While we've accomplished a lot in the past year, there is still more to do - at Microsoft and across our industry," Gates wrote in the email message, citing data from the Computer Security Institute and the FBI that estimated the damage from cyberattacks in 2001 at $455m.

Two large incidents - the Code Red and Nimda worms - were a wake-up call for the software giant in 2001 and directly led to Gates' call to arms for the company.

"As we increasingly rely on the internet to communicate and conduct business, a secure computing platform has never been more important," he wrote in the latest memo. "Along with the vast benefits of increased connectivity, new security risks have emerged on a scale that few in our industry fully anticipated."

In the past year, the software giant has retrained 11,000 developers in the basics of secure programming at a cost of more than $200m in lost productivity, according to Microsoft estimates. Most of the effort will be first evident when the company releases Windows Server 2003, now due out this April after three delays.

However, Gates outlined several other projects that Microsoft completed this year and which the company's executives have touted as illustrating the giant's dedication to Trustworthy Computing.

To increase the security of its software during the design process, the company has interjected a handful of new analyses and security checks. A technique known as threat modelling, where designers and programmers hash out the largest security threats to a given piece of software, has become a core facet of the company's design stage, Gates said in the memo.

"Fully one-half of all bugs identified during the Windows security push were found during threat analysis," he wrote.

Gates also expounded on the need for new security technology, such as that embodied by the company's controversial Palladium project, to eliminate "weak links" in computer systems.

Looking forward to what he called the coming "Digital Decade," Gates warned that as "billions of intelligent devices" are interconnected new threats will emerge.

For the time being, however, he urged patience for the company's efforts and perseverance for those on the front lines.

"There are three things customers can do to help: 1) stay up to date on patches, 2) use antivirus software and keep it up to date with the latest signatures, and 3) use firewalls."