Mundie Plugs Trustworthy Computing

The focus of Microsoft's "Trustworthy Computing" initiative will move from security to areas such as privacy, reliability and Microsoft brand integrity in its second year, according to Microsoft's chief diplomat.

Craig Mundie, senior vice president and chief technology officer for advanced strategies and policy at Microsoft, provided an update on Trustworthy Computing in a speech in San Francisco last week.

Mundie first publicly introduced the concept of Trustworthy Computing a year ago, although it became a household word in IT circles in January after Microsoft chairman and chief software architect Bill Gates wrote a company memo about the initiative.

Trustworthy Computing involves Microsoft's efforts to improve the security, privacy, reliability and business integrity, or brand integrity, of its software and services. During the first year of Trustworthy Computing, Microsoft largely focused on security issues, with the developer training and code review surrounding Windows .NET Server 2003 being the highest profile project.

Going forward, Mundie predicted Microsoft would make "continuing progress in security" but that the company would have other areas of focus as well. "We'll continue to make progress in the privacy area with more and more of both the services and systems being very transparent with respect to the person identifiable information and how it's gathered and administered," he said. More lists and materials will probably move to opt-in defaults, Mundie said.

Microsoft's Trustworthy Computing initiative will also concentrate on making it easier for customers to comply with new regulations. "There will be continued work to try to find ways to be compliant with the emerging regulations like HIPAA and Gramm-Leach-Bliley and even the Sarbanes-Oxley stuff that just happened," Mundie said.

Reliability will be another key area for Trustworthy Computing, with an emphasis on the feedback loop that automatically generates error reports during application failures that users can elect to send back to Microsoft. "As more of ... the third-party software vendors ... instrument their apps in a way that they can take advantage of that closed loop thing, and we come up with better ways to distribute more than just Windows and Office on an automated update basis, all of these things will basically ratchet overall system and application reliability up another level in the next 12 to 24 months," Mundie said.

As for business integrity, Mundie said, Microsoft will scrutinize more closely whether Microsoft is writing contracts or using support mechanisms that inspire trust in the company and the brand. That extends into providing better uptime for commercial services that Microsoft offers, Mundie said.

In addition to the forward-looking view of Trustworthy Computing, Mundie provided a look back at the security efforts. In addition to the developer training and product code reviews, Mundie highlighted:
  • Configuration changes in Windows XP Service Pack 1 to prevent the system from automatically joining an insecure wireless local area network.
  • Setting changes in Service Pack 1 for Windows XP Home Edition that enables the Personal Firewall by default.
  • The source-code licensing program to encourage university and research organizations to examine Microsoft code for security vulnerabilities.
  • Free hotfix and configuration management tools that have been made available for download over the last year.
  • Ongoing security commitments. "We didn't fall off the turnip truck just a year ago and decide we should think about these things," Mundie quipped. He pointed to the three-year process to earn the Common Criteria security evaluation for Windows 2000 as an example of Microsoft's ongoing commitment to security.

  • About the Author

    Scott Bekker is editor in chief of Redmond Channel Partner magazine.

    comments powered by Disqus

    Reader Comments:

    Fri, Jul 18, 2003 Greg Popik Anonymous

    "I love you, the checks in the mail, and this version around you can trust our lame promises..."

    I beleive that Microsoft is better at making and failing to keep promises than any politician in historical memory.

    Forget backward-compatiblity code retention, I'd love to see a release on how much unknown, unrealized cruft code remains in their OS...

    Unfortunately, disclosures about bugs with historical roots to OLD OS code simply tend to "appear" at the customers incovenience and cost. "we'll patch it when you find it" still appears to be their development model.

    Reference their most recent defect in windows 2003. Based off Microsoft's MO and history, any experienced IS worker would be stupid to trust them.

    Wed, Nov 20, 2002 Anonymous Anonymous

    Microsoft and Trustworthy Computing... hahahahahahah Its a household word alright. Its the biggest joke of the year. Oh, yeah. I trust them with my personal information and I know they are working to create secure software. HA. If that were true, they'd have to dump Outlook, IE, IIS, Word, Excel, Windows, etc. etc. They wouldn't have any products left. You can't back fit security into a kludge-job. It has to be designed in.

    Tue, Nov 19, 2002 Marc Erickson Anonymous

    I could see their attitude if they paid out dividends, but they refuse to...

    Tue, Nov 19, 2002 Marc Erickson Anonymous

    Reliable? Yeah, right. It's not all Microsoft's fault, and Windows has gotten better - but as long as they're locked into the 'We release a new Windows every two years, come hell or high water' attitude because (after all) they *must* have 25% growth every year, they won't be able to do much better. What's wrong with 10% growth anyways? It seems to be OK for other industries...

    Add Your Comment Now:

    Your Name:(optional)
    Your Email:(optional)
    Your Location:(optional)
    Please type the letters/numbers you see above

    Redmond Tech Watch

    Sign up for our newsletter.

    I agree to this site's Privacy Policy.