Gates confirms commitment to tackling tech security

31 Mar 2004

Security will take the greatest single share of Microsoft’s US$6.8bn research budget, chairman Bill Gates has confirmed. He also predicted that within two years, spam and email security would no longer be a top-five consideration for businesses.

Speaking at the Gartner Symposium in San Diego earlier this week, Gates reiterated his company’s commitment to tackling IT security issues. He rejected the suggestion that spam was not a big problem. “Oh no, it’s a significant waste of time. And people miss real e-mail,” he said.

According to Gates, one of the dangers of email is that it has no authentication to verify the sender. This allows spam, for example, to appear as if it came from a reputable source such as a company’s IT department.

“The very design of the Internet protocol, SMTP, didn’t have this verify-sender approach,” Gates explained. “Now, it turns out that verify sender, what we call Caller ID for email, is key for solving spam. It’s also key for making sure people don’t do these social engineering attacks against your employee base. And so everything that comes in has to be verified that it really is the person who sent that thing.”

Microsoft’s approach to tackling the spam problem is linked to its overall security effort, Gates added. “The security effort, which is the biggest thing we’re doing, the highest percentage of the US$6.8bn, are on things related to that. That’s an area that we have to solve.”

There are certain issues that are industry-wide, Gates added, such as preventing internet flooding, getting rid of passwords and changing the mail protocols so that these systems can verify each other. “Then there are things that are Microsoft-specific, making it easy for our customers to know that they’re properly isolated, making it easy for them to know that they’re properly updating their software and making it so there’s no manual effort involved in that at all. That, which when we get it done it just enables all the other cool things to take place, that’s actually the biggest category,” he said.

Gates also suggested that spam would be “off the top-five list” within the next two years. “We have pioneering customers today who we’re going down the learning curve with… And so there’s already best practices being established around this.”

The two-year timeframe is due to the need to resolve issues around easy quarantine, educating users and having good auditing tools, Gates said. “Isolation is a very key technique. You can’t assume, given the variety of systems out on the internet, that every one of those would be reliable, and so you have to make sure that your corporate environment and even sub-partitions have degrees of isolation. That is the magic thing that even if there are isolated outbreaks it prevents them from becoming these gigantic earthquake events like we’ve seen over the last several years.”

By Gordon Smith