Everyone, from computer users to software vendors to government agencies, is responsible for cybersecurity, Microsoft Corp.'s chief executive officer (CEO) told a crowd in Washington, D.C., Wednesday.
Microsoft CEO Steve Ballmer did not outline new security initiatives in his speech at the Center for Strategic and International Studies, but he outlined the steps Microsoft has taken since its Chairman and Chief Software Architect Bill Gates called for security to become a top priority for the company in January 2002.
Among the future steps Microsoft will take on security is a service pack, due out in a couple of months, for the Windows XP operating system that will have a firewall turned on by default, Ballmer said. A similar update to Microsoft's server operating system will come later. Future versions of the Internet Explorer browser will block automatic pop-up ads and downloads without the user's permission, he said.
"Security is absolutely the -- I was going to say 'a,' but I'll say 'the' -- top priority at Microsoft," Ballmer said.
Microsoft is also working on ways to block viruses and worms before computers execute their code, he added. "The computer can look at (the code) and say, 'It doesn't smell right to me. I won't execute this without asking the user for permission,'" Ballmer said of the behavior-blocking initiative he called "active protection technology."
But Microsoft and other software vendors aren't alone in their responsibility to secure computers and the Internet, Ballmer said. He called on government agencies to work with vendors on security research, to pass laws that target cybercriminals and to help raise public awareness about cybersecurity.
"As a global leader in software, our company ... and our products are often the prime target for cybercriminals," Ballmer said. "Yet, this is not really about any single technology or computing platform or company. It's bigger than any single company."
This week, Ballmer talked to Tom Ridge, secretary of the U.S. Department of Homeland Security, about ways to better anticipate cyberattacks, he said. "The kinds of attacks we've seen -- that have these kinds of crazy names like Blaster and SoBig and MyDoom -- once unimaginable, are crimes we need to both anticipate and act against," Ballmer said.
Ballmer also called on individual computer users to take responsibility for their own corner of cyberspace. Computer users need to keep up with software updates, use personal firewalls and keep their antivirus software up to date, Ballmer said. Less than 30 percent of computer users using antivirus software keep it current, he said.
"This is not only a responsibility to themselves, but also to their neighbors," Ballmer said. He compared the security of the Internet to maintaining highway systems: Car makers have a responsibility to make safe cars, governments have a responsibility to maintain highways and drivers have a responsibly to drive and maintain safe vehicles, he said.
Ballmer was asked by an audience member if the predominance of the Windows operating system adds to security problems. Ballmer had acknowledged Microsoft products as a major target of hackers, but he denied that more competition would aid security. "The truth is hackers will go after one or two or three (operating systems)," Ballmer said. "They will go after what's popular."
Ballmer called on IT vendors to work together to improve security. "Everyone in the IT industry is used to competing, but on cybersecurity, we know we have to come together and collaborate in very new ways," he said. "These are real threats, and the stakes for society and our economic future and national security are very high."