In his keynote address at the RSA Conference Europe 2006, Microsoft Corp. Security Technology Unit Corporate Vice President Ben Fathi discussed the evolution of the computing ecosystem and malicious software landscape, and called on the IT security industry to team with Microsoft in investing in continued innovation to keep pace with ever-evolving threats. Fathi described Microsoft’s ongoing investments to enable a trust ecosystem, pointing to security advancements in the forthcoming release of Windows Vista(TM) as an important opportunity for the industry to become more proactive in its aim to provide users with a safer computing experience. Specifically, Fathi announced milestones toward this goal, including the availability of Microsoft(R) Certificate Lifecycle Manager beta 2, a digital certificate and smart cards management solution; the general availability of Windows(R) Defender, a free anti-spyware solution; and the availability of the Sender ID Framework specification for e-mail authentication under Microsoft’s Open Specification Promise (OSP).
“As threats continue to evolve and computing advances, we need an environment that engenders trust and accountability,” Fathi said. “To help protect customers and ensure the long-term success of the computing ecosystem, the industry must embrace change and innovation.”
An Evolving Threat Landscape, an Industry at a Crossroads
Fathi opened by outlining how the evolving threat landscape requires new thinking about how to make operating systems more secure and reliable. To illustrate, he referred to the new “Microsoft Security Intelligence Report,” which found that threats against consumers and businesses are becoming more targeted and motivated by financial gain, with backdoor Trojans and bots continuing to make up a significant percentage of the malicious software detected by Microsoft anti-malware offerings. The report also found that social engineering continues to be a popular means of spreading malware, especially when sent over e-mail and peer-to-peer networks, and that rootkits are likely to continue to be popular for targeted, stealth intrusions. Data from several customer-focused Microsoft products and services were used to compile the information provided in this report, which is available at http://www.microsoft.com/security.
Fathi also made known that as part of the Microsoft Security Response Alliance, Microsoft plans to develop a malware sample sharing program for security ISVs. The program will further enable the industry to work closely together on the protection of mutual customers as the threat landscape continues to evolve.
In the face of evolving threats, Fathi asserted that the industry is at a crossroads where, due to processor innovations and the decreasing cost of 64- bit processors, 64-bit computing is on the horizon as the next significant PC computing architecture. He emphasized that Microsoft and the worldwide IT security industry — including platform providers, hardware manufacturers and security independent software vendors — needs to invest in continued innovation to keep pace with the threats.
To fully support the evolving ecosystem, Fathi said the security industry must build more innovative security solutions than it did in the past to help protect customers. As a first step, he described how Microsoft has improved the security, reliability and integrity of the Windows kernel through innovative technologies such as Kernel Patch Protection in 64-bit environments, including Windows Vista, to provide greater stability, protection and defense against malicious threats. Kernel Patch Protection raises the bar for security and also provides a significant opportunity for the security industry to extend this work by designing next-generation security solutions.
Fathi reaffirmed Microsoft’s commitment to continuing to work with security partners to provide the kernel functionality they need, beyond what is available today in Windows XP and Windows Vista, without bypassing Kernel Patch Protection.
A white paper detailing Kernel Patch Protection in Windows Vista is available at http://www.microsoft.com/security/windowsvista.
The Need for a Trust Ecosystem
Fathi discussed how the opportunity facing the industry at this inflection point is crucial to enabling and sustaining a healthy computing ecosystem. He expanded on the need to enable a trust ecosystem, a principle Microsoft Chairman Bill Gates first discussed at the RSA Conference 2006 U.S. in February. A “trust ecosystem” is an environment that engenders trust and accountability between code, people, organizations and devices. Fathi highlighted several milestones that help support the four elements of a trust ecosystem:
— Code. He announced the general availability of Windows Defender, a
free, easy-to-use anti-spyware solution that helps consumers stay
productive by providing protection against pop-ups, slow performance
and security threats caused by spyware. Available today in English to
Windows XP customers, Microsoft expects to release Windows Defender in
other Windows-supported localized languages over the coming weeks, and
it will be included as part of the Windows Vista operating system when
it is made available in January.
— People. Fathi announced the availability of Microsoft Certificate
Lifecycle Manager (CLM) beta 2, a solution that can help lower the
costs associated with digital certificates and smart cards by enabling
organizations to more efficiently maintain a certificate-based
infrastructure. CLM simplifies administrative processes, providing easy
deployment with no additional development required, and the flexibility
of both centralized and self-service management. CLM beta 2 is
available for public download and evaluation at
http://www.microsoft.com/clm. In related news, Gemalto, a leading smart
card vendor, today announced support for CLM through integration with
its Microsoft .NET smart cards. Fathi also pointed to plans for
releasing Windows CardSpace (formerly “InfoCard”) in Windows Vista.
Windows CardSpace is a digital identity technology for simplifying and
improving the safety of accessing resources and sharing personal
information on the Internet.
— Organizations. The Sender ID Framework specification for e-mail
authentication is now available under Microsoft’s OSP, an irrevocable
promise to every individual in the world so they can make use of the
covered Microsoft technology easily and for free. After nearly two
years of worldwide deployment to over 600 million users and protection
for more than 5 million domains worldwide, Sender ID already enjoys
broad industry support. The application of the OSP will promote further
industry interoperability by making the e-mail authentication framework
more broadly available to the entire Internet ecosystem including
customers, partners, Internet service providers, registrars and the
developer community no matter what model they use — commercial, open
source or academic.
— Devices. Fathi referenced Microsoft Network Access Protection, a policy
enforcement platform built into the Windows Vista and Windows Server(R)
code-named “Longhorn” operating systems that enables organizations to
better control access to network assets by enforcing compliance with
system health requirements. The recently announced interoperability
architecture between Microsoft Network Access Protection and Cisco
Network Admission Control is an important milestone in an ongoing
relationship between the two industry leaders.
Fathi also noted that in the first four days after its release in English, more than 3 million people downloaded Internet Explorer(R) 7, which provides advanced safeguards that help protect against malicious software and phishing attacks. In Internet Explorer 7, Microsoft has helped reduce the exposure to these attacks by fortifying the browser itself and providing better information to users to assist them in making better and safer decisions online. Internet Explorer 7 will be made available in many European languages starting next week. Microsoft encourages customers to download the browser at http://www.microsoft.com/ie and accept the installation when they see the option on Automatic Updates.
Industry Call to Action
Fathi closed by calling on the industry to take advantage of the evolution of the Windows platform and the security, privacy, reliability and performance benefits of 64-bit architecture to build greater user trust in computing.
“Security threats and the IT landscape are changing with dramatic speed, requiring bold thinking from the security industry. Sophos has a 20-year history of protecting against known and unknown threats, embracing innovation, and welcoming more secure environments such as Windows Vista,” said Steve Munford, CEO of Sophos Plc. “We have engineered our best-of-breed solutions to take advantage of OS progress and create a universal client to deliver a comprehensive security platform for business.”
Fathi noted that Microsoft cannot take the next step alone, that such an opportunity to drive security innovation forward only presents itself every few years, and that the collective industry would be remiss to not capitalize on it for the benefit of customers and the PC ecosystem. Finally, he stressed Microsoft’s commitment to working with partners on ways to enhance the platform and provide greater opportunity for all software providers to build new and innovative solutions for their mutual customers.