|
Microsoft chief software architect Bill Gates took a side-swipe at
rival operating systems on Monday, as he reiterated the importance of
security for Windows; in particular its next version, which is
codenamed Longhorn.
As the latest mass-mailing worm spread
across the Internet on Monday, infecting many tens of thousands of
Windows PCs with a program designed to attack the servers of Unix
vendor SCO Group on 1 February, Gates stressed the importance of
security to his company's products, but said that competing vendors --
such as SCO -- were courting danger by sitting back.
"A high volume system like [Windows] that has been thoroughly tested
will be by far the most secure," Gates told the audience at the
Developing Software for the future Microsoft Platform conference at
London's Queen Elizabeth II Conference Centre. "To say a system is
secure because no one is attacking it is very dangerous," said Gates,
referring to operating systems that have a smaller share of the desktop
market, such as Apple Mac OS and Linux.
Noting the large number of major virus epidemics during the past two
years, Gates said that in some ways "hackers are good for maturation"
of the platform, because they have forced the company to develop new
inspection techniques for the code.
But patch management continues to be the largest headache, said Gates.
"Everybody who had their software completely up to date [during the
epidemics] was immune to those problems. But only 20 percent of our
customers were, so obviously we weren’t doing enough." Part of the
problem is with taxonomy, said Gates, such as making clear whether a
patch is essential or just advised. Furthermore, patches are too large,
and their regularity was not predictable. For instance, in December,
Microsoft issued a patch through its Automatic Update service just one day after saying that it would issue no patches that month.
Gates said that "virtually all" Microsoft customers are now using
automatic patching, but in the past even this has proved problematic.
Last August, many companies were left open to a new virus because a
flaw in the Windows Update service led them to believe -- wrongly -- that they were protected from MSBlast.
Microsoft software architect Chris Anderson, who is working on
Longhorn, explained another problem with patches: "Today, virus writers
don’t find holes," he said. "They just sit back and wait for patches to
appear, and then it is a race to write the first virus. We want to get
patch deployment down from days or weeks to hours."
Gates also said Microsoft is looking at ways of developing email
protocols so that a recipient can verify the sender of the email. "This
is critical for security," he said, "and for getting rid of spam."
|
