DOC

Computer Security, Privacy, and Online Safety - TwC at Five Years

By Marjorie Wagner,2014-11-25 10:04
9 views 0
Computer Security, Privacy, and Online Safety - TwC at Five Years

    Microsoft & Computer

     Security, Privacy, &

    Online Safety July 2007

__________________________________________________________

OVERVIEW

    At Microsoft, our customers computer security, privacy, and online safety are top

    priorities. For that reason our Chairman Bill Gates launched Trustworthy Computing (TwC) in 2002 and we are today reaching out to leaders in government, law enforcement, non-profits, and the private sector in a broad-based effort to advance four core principles:

    ; Security: online systems should be safe from attack and unwonted intrusions by

    viruses, worms, or other malicious software.

    ; Privacy: Internet users should be free from fear that their personal and financial

    data will be stolen and used by others without their consent.

    ; Safety: all Internet users should be free of harassment or exploitation. It is

    especially vital that our children be free to explore the wonders of the Internet

    without being harmed by inappropriate content or threatened by predators. ; Critical Infrastructure Protection (CIP): society’s critical services – from banking to

    communications, transportation, energy, healthcare, and government must be

    made safe, reliable, and secure.

    Microsoft is making progress in all four areas, innovating new software technology that builds security into software from the beginning; empowering Internet users through education, privacy protection, and improved regulatory and legal standards; and creating a culture of safety in collaboration with others in industry, business, law enforcement, and government.

    ________________________

BACKGROUND

    The Promise and the Problem

    The promise of the Internet has only begun to be realized as a catalyst of innovation, education, and expanding global economic growth. Left free to realize that promise, there are few areas of our lives that cannot be dramatically benefited from this “new interconnected world.”

    Yet, this miracle of positive change is threatened by a new kind of vandalism, harassment, and outright criminality. Concerns about the collection and use of personal data have the potential to erode public confidence in digital commerce. Spam, once just an annoyance, has become a very real threat to computer security and even endangers the viability of e-mail communications. Criminals impersonate legitimate companies to perpetrate identity theft. Child predators prey upon unsuspecting minors. And,

     1

    computer viruses, worms, and other malicious software have become increasingly sophisticated in penetrating the ever new defenses arrayed against them.

MICROSOFT’S STRATEGY FOR CYBER SAFETY

    These complex and unpredictable challenges require flexible and comprehensive responses. Microsoft is pursuing a multi-pronged strategy that: 1) builds security into our software from the beginning; 2) empowers Internet users, and 3) creates a culture of safety in collaboration with other companies in the industry, businesses, law enforcement, and government.

Building Security into Software from the Beginning

    Microsoft is committed to strengthening our software’s defenses against attack: our goal is to create products that are secure by design, secure in their default mode of operation, and secure when deployed.

    ; Trustworthy Computing: In January of 2002, Microsoft fundamentally changed the

    way we design and develop software when we launched Trustworthy Computing.

    The ramp up of TwC brought the work, at the time, of 8,500 software developers to

    a temporary halt and delayed the release of Windows Server 2003, costing the

    company over US$200 million. But, it produced a generational leap in the defense

    against cyber attack.

; Windows Vista: Microsoft’s Windows Vista – the most secure operating system in

    company history was designed from the beginning with security in mind. Vista

    designers employed the Security Development Lifecycle, or SDL, an innovative

    software development method, which now applies to all of our products that connect

    to the Internet (some 90 percent of our product offering). While the Internet

    changes too rapidly for any software to be 100 percent secure and still provide an

    effective user experience, the SDL enables significant reductions in the kinds of

    vulnerabilities that hackers and cyber-attackers exploit.

    ; Security Updates: Because a rapidly changing Internet means a continually evolving

    threat, Microsoft issues monthly security updates that are available to all through

    Microsoft Update. Scheduled updates bring consistency and predictability for

    customers both large and small, from those managing complex enterprise systems to

    small business owners and consumers.

; Critical Infrastructure Protection Team: In December 2006, Microsoft formed a

    dedicated Critical Infrastructure Protection Team in order to continue to drive

    strategic change both at Microsoft and with partners. Our goal is to enhance the

    security of critical infrastructure -- banking, communications, transportation, energy,

    healthcare, and government services -- by increasing the trustworthiness of software

    and IT services, and by collaborating with governments and critical infrastructure

    providers to reduce and manage risks.

; Our Quick Response Team: Because cyber attacks are inevitable no matter how

    good the software, we have created the state-of-the-art Microsoft Security Response

     2

    Center (MSRC) to immediately investigate any reported vulnerability and to swiftly

    build and disseminate security fixes.

    ; Spam Blockers: Microsoft deploys robust filtering and blocking technology to fight

    the epidemic of spam, which by some estimates makes up two-thirds of all e-mail

    traffic worldwide and threatens the very viability of the Web.

Empowering Internet Users

    Educating consumers about the actions they can take to improve their computer security, enhancing their privacy protections, and giving them better tools to safeguard their personal information and their children’s well-being these are all part of our campaign

    to empower the consumer.

    ; Educating the consumer. To help customers better manage external threats to their

    computers, Microsoft launched the “Protect Your PC” campaign, which now

    incorporates the Security At Home site on Microsoft.com. These resources

    available in 41 markets and translated into 29 languages offer advice on how to

    protect children online, combat and reduce spam and so-called “phishing” attacks,

    and preserve online privacy.

; Giving Parents Better Tools to Help Protect Their Children: We’ve built advanced

    Parental Controls into Windows Vista to help guide and protect children’s Internet

    usage, including settings that allow parents to set up separate accounts for each

    family member, customize content, and access detailed activity reports about Web

    sites visited, total time spent online, and information about interactions in chat

    rooms and at social networking Web sites. In addition, Windows Live OneCare

    Family Safety is a free Web-based service to aid parents in blocking inappropriate

    content and creating a safer online experience for their children.

; Helping the Consumer Take Control: Microsoft empowers users to take privacy

    protection and safety into their own hands with a broad range of technologies built

    into the Microsoft Windows operating systems and other products, as well as our

    Windows Live offerings.

    o For example, Xbox and Xbox 360 are designed to provide a safer, age-

    appropriate experience for all users, with parental controls and Xbox 360’s Family

    Safety Settings that give parents the ability to customize their children’s playing

    environments. Xbox 360 recognizes game-rating systems from countries around

    the world, allowing parents to decide the maturity level of games they want their

    children to play.

; Building Privacy Protections in From the Start: The Microsoft Privacy Standard for

    Development (MPSD) ensures that customer privacy and data protections are

    systematically incorporated into the design, development, and deployment of our

    products and services. Among other things, the MPSD includes detailed guidance for

    creating notice-and-consent experiences, providing sufficient data-security features,

    and maintaining data integrity.

     3

    ; Clear Communications: In an effort to clearly communicate to customers the extent

    of the company’s use of their data, Microsoft has instituted a “layered” privacy notice

    that provides summaries of our practices with links to full statements and relevant

    information.

Building a Culture of Safety

    Microsoft engages at multiple levels with industry, business, law enforcement, and government to create an expanding culture of safety in which all work together to find solutions, mitigate risks, and promote best practices. These efforts include formal legal actions; support for global law enforcement against spammers, perpetrators of Internet fraud, and child predators; advocacy for comprehensive privacy legislation, and leadership on a variety of industry-driven computer security and online safety initiatives.

    Additionally, Microsoft provides technical assistance to local, state, and national legislatures drafting bills on content regulation, child safety, social networking, spam, online fraud, and malicious and deceptive software. Indeed, we support efforts to strengthen and harmonize worldwide privacy laws, increase punishment for perpetrators of crimes against children, and establish formal, mandatory Internet safety education programs in schools.

    At the same time, we must be careful that the desire to protect does not choke off the well-spring of innovation the Internet offers. As a general rule, we believe that governments should allow self-regulation to demonstrate its efficacy, and that while ratings, labels, and other such mechanisms are useful in many contexts, they should not be mandated by law. In some cases, however, regulation will be urgent and necessary, such as in the prevention of criminal activity and child exploitation. In such cases, Microsoft is a leader in the effort to help governments and law enforcement fashion laws that are effective because they are clear, precise, and narrowly tailored to address the specific need of the issue at hand.

    ; Strengthening the Rule of Law: Microsoft has been a leader in a number of initiatives

    to increase the legal protections of Internet users.