ANALYSE THAT: Visions of a secure future

ANALYSE THAT: Visions of a secure future

It’s not every day Bill Gates comes to town or is dubbed a “great social coalitionist” by John Howard.

When he arrived in Sydney last week, Gates was hit by a blizzard of questions about viruses and spam that would match the average volume of garbage we each receive in our inbox on a daily basis.

His relief was the praise of the normally technology-disinterested Prime Minister, who paid tribute to Microsoft’s contribution to improving lives through the power of the PC.

While Microsoft and Gates’ contribution in this sphere of society is undoubtedly the big-picture story of technology at the beginning the 21st Century, there are a few pressing micro-issues to confront, such as security.

For some, of course, the issue of security is not so “micro”. Business users are at their wits end with constant exploitation of Microsoft flaws, as well as spam which dodges filters and propagates software rotten to its core.

Gates and his colleagues are keen to peel off numbers to show the Redmond wheel is turning when it comes to protecting machines and data.

For example, 14 flaws were reported in the first 180 days of Windows 2003 server being released, compared with 56 problems with Win2000 over the same period.

But this is hardly sufficient to hang out the flags. Old vulnerabilities stay around because most organisations cannot afford to run the latest software.

Microsoft’s two-year-old Trust­worthy Computing initiative has improved the quality of its software and big improvements have been made in Service Pack 2 of Exchange 2003.

Gates said that “with the most recent releases we’ve now had four [flaws] and so that’s a pretty dramatic reduction”, but then he lamented, “we should get that to either one or zero.”

Research released by Symantec indicates small business — a target for revenue growth at Microsoft — has been hit as hard as anyone by viruses and spam.

More than 80 per cent of 201 local SMEs surveyed said they ran antivirus software with automated updates but most were struck down by MyDoom, Netsky or Sasser.

Gates indicated his answer to this mess was to build Windows-integrated programs to constantly update antivirus software over a broadband link without the user having to think about it.

“Whenever there’s a security problem we need to make sure that the security updates get onto those systems faster than somebody with bad intent can go in and perform an attack,” he said.

Microsoft’s future role in the antivirus business is a source of constant speculation. Asked recently about this issue, its local director of enterprise technologies, Greg Stone, responded diplomatically, “that’s news to me”.

But it’s not news to John Donovan, head of market-leader Symantec, who said he was constantly asked if Microsoft would move on his turf.

He also said antivirus was no longer sufficient protection on its own and intrusion protection had become essential.

Most buyers would say Microsoft has a moral obligation to be proactive, but whether it is trusted to do a good job is a different matter.

Given its history of altercation with the US Justice Department, the company would also think twice about building its own solution into Windows at the expense of specialists such as Symantec, Sophos and McAfee.

Gates understands the technological magnitude of the problem.

He said the solution involved advanced tools and techniques that had been in academia for a long time but never used against large-scale software.

Spam is of equal concern. Gates claimed that Exchange’s filtering techniques caught 90 per cent of these emails but “that is still a lot of spam left over”.

He said his company was working on a range of solutions and had just announced “we can guarantee mail is from who it appears to come from” by establishing a system that requires the sender to verify the legitimacy of an email identified as potential spam.

“There are some clever ideas about having a computer do some extra work, or bouncing back something where the human verifies that this really is a legitimate piece of email,” Gates said.

“As we combine these approaches over the next year, we will be able to make dramatic improvements in terms of what goes on in spam.”

Let’s hope so.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.


Show Comments