Microsoft changed its software engineering processes for the forthcoming Windows 2000 operating system to design a more secure product, a top Windows executive told attendees at the RSA 2000 conference.
Company officials also announced that Windows 2000 will ship to international customers with 128-bit encryption instead of 64-bit encryption, an outgrowth of the US government's recent announcement to lift some encryption export controls.
"Windows 2000 is the first wave of re-engineering security inside the company and raising the bar for security," said Brian Valentine, senior vice president of the Windows division at Microsoft. Valentine said the operating system is the most secure the company has ever shipped. "Until we give commitments to our customers, we are not going to get the confidence levels of our customers and consumers to trust us. We need better products that are simpler, more reliable and more secure."
According to Valentine, Windows 2000 was designed to be resistant to attack using a new development process in which programmers put each module through specific security criteria. He said a dedicated 15-person team of outside consultants spent 18 months vetting the software for potential flaws, and outside experts also evaluated the code. In addition, 100 key customers were asked to evaluate beta versions of the operating system for possible security flaws. "There are security and privacy issues that we have to address or we will stall the industry," Valentine said.
Todd Kreuger, founder of San Diego-based 2earn, which develops telephony and Web-based applications, said he was extremely pleased with the security of the beta version of Windows 2000 he tested. "It's better than NT 4.0, and data access is awesome using multithreaded applications," Kreuger said.
But critics at the RSA conference said the sheer complexity of the operating system, due to be released February 17, will introduce new security holes that can't be anticipated. Past versions of the popular operating system were plagued by bugs that made systems vulnerable to security exploits. Members of a panel called "Securing the Internet: When Cryptography Isn't Enough" said despite Microsoft's efforts, they didn't consider Windows 2000 secure.
Members of the panel noted that Windows 2000 is made up of modular components that may defeat security precautions by interacting outside the operating system or using plug-ins that might not comply with security testing for a specific implementation. "Tight coupling and integration of the features make it less secure," argued Steven Bellovin, a security expert at AT&T Labs.
Custom configurations may also introduce unanticipated security flaws, panel members said. They also questioned the security of ActiveX controls and digital certificates embedded in the operating system.
Valentine asserted that any security holes in products need to be plugged by vendors and not passed along to end users, not all of whom can be trusted to adequately handle security issues. "It's incumbent on us to really get serious about this and move it forward," said Valentine.
Microsoft announced at the conference that it has issued the "Microsoft Security Commitment," which isn't a guarantee of secure programs but a statement that the company takes security seriously and will respond swiftly to any potential problems. Valentine said the company has relaunched its 24-hour Security Response Centre to better handle concerns from customers. Microsoft said it has also issued clearer guidelines for information technology managers to implement security configurations and has made Windows 2000 compatible with the IPSec network security protocol.