Microsoft 'Trustworthy Computing' Turns 10

gManZboy writes "Bill Gates fired off his famous Trustworthy Computing memo to Microsoft employees on Jan. 15, 2002, amid a series of high-profile attacks on Windows computers and browsers in the form of worms and viruses like Code Red and 'Anna Kournikova.' The onslaught forced Gates to declare a security emergency within Microsoft, and halt production while the company's 8,500 software engineers sifted through millions of lines of source code to identify and fix vulnerabilities. The hiatus cost Microsoft $100 million. Today, the stakes are much higher. 'TWC Next' will include a focus on cloud services such as Azure, the company says."

Microsoft Succeeded

[DavidSell]

Windows is far more secure now. Nowadays malware mostly comes either via third party programs like Flash and PDF reader or via social engineering - like those sites which claim you have a virus and need to install this program or you need to install codec. Windows itself is very secure.

Interestingly it was also one of the reasons why people initially hated Vista. The security model of Windows changed so much that many legacy apps stopped working and driver needed to be updated. Windows users also weren't adjusted to having to work under non-admin account. That was the reason most people had issues with Vista, and by the time Windows 7 came out, application and hardware vendors had fixed their issues. Windows 7 is a very good OS, actually so good that Microsoft really needs to step up their game in windows 8 so that W7 won't become the new XP.

In my opinion Microsoft has really fixed their issues with security. Internet Explorer 9 is one of the most secure browsers around. It is currently sharing the first position with Chrome. IE9 has sandboxing, JIT hardening and other ways to make vulnerable plug-ins like Flash and PDF reader have less access to the system. Firefox is currently lacking any of these, so if you use Firefox and you are being hit with Flash or PDF vulnerability, your changes of being infected are much larger than when using Chrome or IE9.

Given that Apple is using Microsoft's Azure cloud services for their iCloud platform, I have no doubt that they can both secure the platform and develop good software to developers that can help developing secure software. After the security disaster at Microsoft tens years ago, they have added security features to both their internal tools, but also to the likes of Visual Studio. VS nowadays has many features that can help prevent the most usual security problems. Since Visual Studio is integrated with Azure, many developers will be using it and also having the advantage of those features.

Cheers,
David E. Sell