Ballmer touts security upgrade

To improve the security of Microsoft Corp. products and users, company officials made several changes in their next operating system, including default activation of the firewall, according to Steve Ballmer, Microsoft's chief executive officer.

Information security is now part of everything the technology world does, and companies, government and individual users must approach it that way, Ballmer said at a luncheon in Washington, D.C., cosponsored by the Business Software Alliance trade group and the Center for Strategic International Studies think tank.

"All of us in the [information technology] business are, whether intended or not, permanently in the security business as well," he said.

For Microsoft, the security business has meant investing significant money and resources in education. The company has partnered with government and other IT vendors, Ballmer said. But it has also led the company to a research and development strategy with four key areas: isolation and resiliency of systems, easier and better software updates, improved quality of software code, and strengthened authentication and access control.

Many companies are working to improve software, patch updates and software development. Last week, a task force, working with the Homeland Security Department, released its recommendations on software development.

Microsoft officials, however, also have specific plans for their own operating systems and software, which are used on the majority of computers worldwide.

Isolation simply means helping users to "draw a stronger line of defense around each computer and each network," Ballmer said.

Within the next few months, Microsoft will release a new service pack for its Windows XP and 2000 operating systems with several significant updates, including activating the integrated firewall as a default setting. Users originally didn't want that setting, but the environment has changed, Ballmer said. Microsoft has no plans to include an integrated antivirus solution, too, but more users are asking for that, so executives aren't ruling anything out, he said.

Microsoft has previously said that the service pack will:

Set the Internet Explorer browser to block automatic pop-ups and downloads.

Improve how the browser's e-mail and instant messenger handle attachments that can carry viruses and worms.

Enhance the operating systems update notification with a Windows Security Center that takes security preferences for several major tools and applications and groups them in one area.

Include new technology to make it harder for attackers to exploit the buffer overflow vulnerability.

Later this year, Microsoft will release a similar service pack for its Windows Server operating system.