Microsoft gives away antispyware

SAN FRANCISCO -- Microsoft will offer free antispyware to all who license its software, a move that, combined with other Microsoft plans, could reshape the burgeoning information security market.

Speaking here at the RSA Conference, Microsoft chairman Bill Gates said the new antispyware capabilities would be in the company's Internet Explorer 7.0 browser. A beta version of the browser is scheduled for release by early summer.

A beta version of Microsoft Windows Antispyware has been downloaded 5 million times, and about 3 million users of the beta software have reported spyware problems back to Microsoft as part of the company's Antispynet program, Gates said. Its purpose is to create a database to help Microsoft researchers further develop the company's antispyware capabilities.

Spyware, a form of malware that slows down a computer's performance and compromises computer privacy, is "a very serious problem," Gates said.

But when he shifted to the topic of fighting spam, Gates was upbeat. "We're past the peak with spam," he said, adding that the industry now has techniques to make spam less of a problem than it has been. One of those new techniques is Microsoft's Sender ID, which Gates said will further reduce spam. More than 90 percent of spam messages, he said, can be controlled with existing IP address blocking and content filtering techniques.

Gates went on to present a broad roadmap of information security initiatives at Microsoft. The company has allocated a third of its $6 billion research and development budget to improving information security.

Gates said Microsoft is spending money on research in four technical areas, which are improving the company's software update techniques, isolating security problems within computer systems to lessen their damage, strengthening computer access controls and protecting users from Internet-enabled social engineering attacks such as phishing scams.

Microsoft will begin beta testing a new software update infrastructure in March, he said. The new update center will give Microsoft users access to a single database of updates through a connection and user interface that are appropriate to their needs, he added. Corporate users will be permitted greater control over the update process. For home users, the update process will be highly automated for their own protection.

Microsoft will include host isolation techniques in Server 2003 Service Pack 1, Gates said. The software, which the company released in beta last week, includes a security configuration wizard and support for policies that block software that could cause security problems.

Microsoft's product roadmap includes, among other things, a federal identity management server that will let companies and government agencies conduct business securely with outside organizations, Gates said.

The federal government cannot reach its cybersecurity goals without the kind of research that Microsoft is doing, said Dan Mehan, assistant administrator and chief information officer at the Federal Aviation Administration, who is attending the conference. "If we're going to get there, it's going to be the private sector that does it," Mehan said. "Gates spends $2 billion a year on [cyber] R&D," he said. "I can't get even $2 million."