Microsoft this week signaled its new anti-spyware technology will be provided to Windows XP users who have upgraded with Service Pack 2 (SP2) at no charge, also announcing a more secure version of its Explorer browser that will be released separately from the next Windows operating system.
The news — a departure from the company’s previous stance on browser-OS integration and rollout, and widely viewed as an admission that Explorer is a source of security weakness — came out of a keynote address by Microsoft chairman and chief software architect Bill Gates, who delivered the speech at the RSA Security Conference in San Francisco.
The Security Catch
While Gates touted the success of SP2 and related Explorer enhancements, he also indicated Explorer v. 7.0 was needed to address the danger that comes with using it.
“We’re … in a dialog about what more can we do, because browsing definitely is a point of vulnerability,” Gates said, adding that IE 7.0 would be made available in beta by early summer and would eventually be included in the next Windows release, known as Longhorn, which would come in 2006.
Gates — whose presentation was titled, “Raising the Security Bar” — said the increased connectivity emerging among the world’s Internet and computer users was delivering “fantastic advances,” but also made reliability and security among all of the infrastructure and machines more important.
“There’s really only one thing that could stand in the way of realizing the full potential of that digital infrastructure,” Gates said, referring to security, the conference’s central topic. “And I can see that that will remain our top priority because it’s the one thing we need to make sure we get absolutely right to unlock all of those exciting things.”
Gates highlighted the success of the security enhancements in SP2, which he reported had been downloaded by more than 170 million Windows XP users. However, there was more attention paid to Gates’ indication that Explorer would be updated before Longhorn and that Microsoft would be providing free anti-spyware and its own anti-virus by the end of the year.
Richard Stiennon, vice president of threat analysis at anti-spyware software maker Webroot, said separating and securing Explorer may help make browsing with the Microsoft product safer, but he was skeptical of Gates’ speech, which echoed previous pronouncements of security efforts by Microsoft.
“The overall reaction to his talk was a lot of rolling eyes,” Stiennon told TechNewsWorld. “It was, yeah, yeah, we’ve heard this before.”
Stiennon, who is in attendance at the RSA security conference, did say the speech was seen as an admission by Gates that Internet Explorer is “a huge problem.” Stiennon added that Microsoft has been forced into stressing security by incidents, media coverage and competitive pressure from alternative browsers, particularly Firefox, that are viewed as more secure.
As for the announcement of free anti-spyware for Windows users, Stiennon — whose company provides spyware detection and removal tools — was dubious.
“My response would be, you get what you pay for,” he said.
Despite those skeptical of Microsoft’s security efforts, iDefense director of malicious code intelligence Ken Dunham pointed out that the software giant is reportedly dedicating one-third of its budget to security improvements.
“I think they’ve made progress,” Dunham said, adding that user security as well as increased competition have forced Microsoft to bolster its browser and other products, which were originally engineered and deployed with a priority on ease of use.
Dunham added that while new software often brings new vulnerabilities, overall security has been improving with Microsoft’s updates to its products, particularly SP2.
“With these kinds of enhancements, that’s going to make a difference,” he said.