Ballmer Takes Security Case To IT Poohbahs

Malicious worms and viruses propagated by "far-flung and by-and-large anonymous hackers can circle the world in a matter of minutes," Ballmer told a few hundred IT professionals at an event hosted by the Center for Strategic and International Studies in Washington. These actions constitute serious crimes that disrupt business and government, he said.

This is hardly news, but Microsoft continues to try to drum up support for private and public partnerships to combat the menace. On Tuesday, Ballmer said he met with Department of Homeland Security Secretary Tom Ridge on the topic.

As Microsoft executives have done repeatedly over the past several months, Ballmer outlined what the company has and will continue to do to shore up its own technology.

Ballmer reiterated pledges to release a security-enhancing Windows XP Service Pack in a few months and an Internet Explorer version bulked up with pop-up blockers and better attachment handling. Also on tap, bolstered e-mail protection at the edge to stop spam and ease encryption. Longer term, he again promised "more active protection technologies" including behavior blocking that would intercept suspicious code before it can execute on a PC. Such code execution typically occurs unbeknownst to the user. In all of this, Ballmer essentially echoed last week's Microsoft security progress report, sent by Chairman Bill Gates to customers.

It is incumbent on other tech providers, consumers and government to wage an all-fronts battle here, he said. "The best lock in the world is useless if the front door is left open or the key is under the mat," he said.

Individual users should thus take responsibility, make sure they use a firewall, and update their system and antivirus software regularly. Less than 30 percent of antivirus software now in use is up to date, he said.

Ballmer said the Redmond, Wash.-based company has no plans to integrate antivirus software into its own platform, but acknowledged that it is often asked to do so. He also restated the company's position that Windows and its applications are targeted because they are ubiquitous, not because they are inherently faulty.

"If there are one or two or three operating systems that have some high percentage of the market, then hackers will go after one or two or three operating systems. If there were 100 million operating systems, no one would attack--there's no critical mass."

In Linux, Microsoft faces a rival that is perceived by its own very vocal advocates and some observers as more secure than Windows. But Ballmer said that is a fallacy. "Linux gets attacked all the time," he said.

"Our products are often the prime targets for these criminals, but [the security issue] is bigger than anything we do." Microsoft will continue to work with anyone from IBM to "our new partners at Sun [Microsystems], to AOL and Cisco [Systems]," he said.

Microsoft will likely continue to offer free security patches, even for use on pirated software, he said. This is a complicated issue because pirated software can cause as many problems as viruses, he added.

Ballmer took a handful of questions from attendees. None of the questions touched on last week's news of Microsoft's surprise detente with Sun Microsystems, although Ballmer's offhand mention of the Sun partnership drew laughter, and he quickly added "I say that with all genuineness."

Last week the two companies, long at each other's throats in the press and in the courtroom, agreed to disagree on some technology questions but pledged publicly to foster interoperability of their products. In addition, longtime Microsoft basher Scott McNealy gave up the title of president at Sun, turning it over to Jonathan Schwartz. McNealy remains chairman of the Palo Alto, Calif.-based company.

Few details on deliverables or road maps were forthcoming. Some observers said Sun might have some tools in its arsenal that could very well help Microsoft's quest for more secure software.

After the event, one attendee, who requested anonymity, said the Sun question needed to be asked--and answered. "When will we see the promised fruits of this? The interoperability, etc.?" he asked. "I expect we won't until some more people leave the companies."

For more on the Sun-Microsoft rapprochement, see CRN.