August 31, 2003
Virus Aside, Gates Says Reliability Is Greater
By JOHN MARKOFF
ICROSOFT, the world's biggest software maker, is the biggest target for computer viruses like the SoBig.F worm that wreaked havoc two weeks ago. Bill Gates, Microsoft's chairman and chief software architect, talked last week about what it is doing to keep hackers at bay. Following are excerpts from the conversation.
Q. You wrote a memo last year calling on Microsoft to focus on reliable software. Now we've had this series of computer-security-related events that make it appear to outsiders that you aren't making progress. Have you in fact made progress?
A. Well, we've certainly made a lot of progress in terms of creating more reliable software, building tools so that people can stay up to date so that they don't run into these problems, creating the procedures that make sure that the recovery actions get widely communicated. We'd be the first to say that we're doing more and more on this. It was very important that we got the company focused on it, made it part of the reviews of all the different employees.
The fact that these attacks are coming out and that people's software is not up to date in a way that fully prevents an attack on them is something we feel very bad about. We want the update process to work so automatically that in the future these problems won't happen. The hackers are attacking not only our systems but other systems, and with the right kind of infrastructure and the right kind of work we can make sure they don't disrupt things.
Q. Have these events created a serious public perception problem about Microsoft on the issue of security?
A. Microsoft's reputation for doing great software research is very strong, and people are looking to us now and saying, "no other software company has solved this; you, Microsoft, need to solve it." We're rising to that challenge. The expectation they have of us is very high.
Q. The buffer overrun flaw that made the Blaster worm possible was specifically targeted in your code reviews last year. Do you understand why the flaw that led to Blaster escaped your detection?
A. Understand there have actually been fixes for all of these things before the attack took place. The challenge is that we've got to get the fixes to be automatically applied without our customers having to make a special effort.
Q. You have enemies who are in a crusade to undermine Microsoft. How do you cope with that?
A. I'm not aware of any systematic attempt by any group. There have been a few of these things that have come along. We have to make our systems invulnerable to these things. It's within our ability to make the systems invulnerable because the speed of update is as great or greater than the speed that somebody comes up with an exploit.
Q. Blaster included a message attacking you. Do you take these things personally?
A. No.
Q. Have you considered enabling the Windows XP Firewall by default?
A. The fact is there has been a fire wall inside of Windows that would have blocked MSblast [the worm]. We're doing a better job of getting information out to people of how to turn that on and when they should turn that on. The idea that it would be on by default is something that we have to push the technology to make that work for people. It looks like we've got a solution to do that.
Q. Some people are concerned about the automatic distribution of patches because of the possibility of doing widespread damage.
A. These patches will be signed by us, and things that are put into the critical security path that we have to pass through we have to be very careful that there is no regression in those things. It's a channel that has to be used not for features, but just for very critical things. We have some other ideas such as something called behavior blocking that will obviate the need in many cases to use patches.
Q. Are you concerned about the possibility of product liability suits?
A. Well, we're doing our best to improve Windows and make it so our customers don't run into these problems. I think this is a critical issue for our customers, and solving this will be fulfilling the commitment we made on trustworthy computing. We're doing our very best, and that's all we can do.
http://www.nytimes.com/2003/08/31/techn ... &position=
Some body has his head up his ass.
Login
Register
FAQ
Search
