Seven years ago, Microsoft made a commitment to a dramatic shift in the company's mission and strategy – to focus on making more secure and reliable products and services, protecting customers' privacy, and being more transparent and responsive in their business practices. They call this Trustworthy Computing (TwC), and it infuses everything they do.
Trustworthy Computing
by Microsoft
Privacy and Online Safety
Although we may always have to deal with some spam, we continue to
make great progress in protecting inboxes through collaboration with
industry and government, consumer education, and technical
innovations. Industry-wide legal efforts and partnerships with law
enforcement have helped stop some of the highest-volume spammers in
the world. The SmartScreen filtering technology in Windows Live Mail
blocks more than 3.4 billion spam email messages every day. The next
version of Microsoft Exchange will include even more robust and
accurate anti-spam technology that makes it easier for IT
administrators to keep unwanted email out of corporate inboxes. And,
across the industry, Microsoft is working to reduce spam and
phishing attacks by developing technology to authenticate the
identity and reputation of email senders.
While people still need to be vigilant and protective of their
personal information, innovative software can be a powerful first
line of defense. The Microsoft Phishing Filter for Windows Vista,
Internet Explorer 7, and the Windows Live toolbar help sniff out
“phishing” attacks and malicious Web sites, offering cyber criminals
fewer opportunities to deceive and defraud. In addition, more than
17.5 million customers are regularly using Windows Defender to
protect themselves from spyware threats; Defender will be included
in every copy of Windows Vista and available to genuine Windows XP
customers.
We're also working with policymakers and industry leaders in the
United States to encourage federal laws that establish baseline
privacy protections for consumers while still allowing commerce to
flourish. And, since privacy threats know no borders, we're also
working with governments around the world to make privacy laws as
consistent as possible..
We've adopted a single privacy notice across all our online
properties. Known as a “layered notice,” this policy explains –
briefly and in simple language – Microsoft's policies and customers'
rights with regard to the personal information they share with the
company. Included are links to full legal statements and other
relevant information so people can learn more if they choose..
The last few years have shown that privacy and data protection are
also critical issues for businesses. Windows Rights Management
technology is already helping companies safeguard information from
unauthorized use, and with the advent of Microsoft Office 2007 we
offer even more ways to protect sensitive data. For instance, Office
2007 includes a Document Inspector that helps information workers
remove unwanted data (such as author names or revision marks) before
they publish documents. It will also include a new Trust Center to
help customers manage security settings and understand and control
how and whether their applications communicate with Microsoft.
BitLocker Drive Encryption, a hardware-based data protection
feature, addresses growing concerns over corporate and customer data
being accessed from lost or stolen machines..
Security
As software drives more of the devices we use every day and cyber
criminals continue to find new ways to disrupt, vandalize and steal
on the Internet, helping ensure security remains a critical part of
Trustworthy Computing. Since security threats evolve over time, we
must not only work to create software that is more resilient to
today's threats, but also watch for new threats and work
aggressively to respond to these as they emerge.
Microsoft works closely with other software vendors, the research
community and security companies to find better ways to build more
secure software, locate vulnerabilities, collaboratively address
issues as they arise, and establish best practices across the
industry. We partner with law enforcement worldwide to help find and
catch individuals who write and distribute malicious software. And,
when a new issue threatens customers, our Security Response Center
mobilizes teams to investigate, fix and learn from security
vulnerabilities. We continue to release security updates on a
regular schedule.
We're also working to educate consumers about security and privacy
issues, and provide new tools to help them maintain and secure their
computers through various services. One such service is Windows Live
OneCare – a simple and automated way to maintain the health of PCs
by helping manage ongoing maintenance, including antivirus and
firewall protections, data backup, and regular PC performance-tuning
and software updates.
The Microsoft Windows Malicious Software Removal Tool removes
Malware from over 200 million PCs every month and has helped
dramatically reduce the number of “bot” infections. A worldwide
education campaign on Microsoft.com provides tools and information
on how to protect customers' PCs.
At Microsoft, the work of every software developer is anchored in
security and privacy though practices such as our Security
Development Lifecycle (SDL), and automated tools that help identify
and prevent common programming mistakes that can result in security
vulnerabilities and data leakages. The SDL and other engineering
practices have greatly reduced the number of critical and important
security bulletins for our key products. Windows Vista is the first
operating system (OS) developed end-to-end under the SDL; as such,
it will be the most secure, privacy-enhancing and reliable OS we've
ever shipped.
Tens of thousands of customers participated in the Windows Vista
beta and over 130,000 customer feedback reports were reviewed.
Windows Vista features extensive security improvements in everything
from user account control and smartcard support to enhanced firewall
protection and encryption capabilities that help protect sensitive
data if your PC is lost or stolen. By default, Windows Vista runs
with limited permissions, requiring an administrator password before
installing new software or changing some settings, reducing the
potential for malicious or inadvertent damage. Improved firewalls
will monitor inbound and outbound network traffic to block
potentially risky applications and mitigate the impact of malware.
Secure startup technology will monitor critical system files and
prevent the computer from booting up if they have been compromised.
Microsoft Office 2007 also features significant security
enhancements, including Trusted Locations that help corporate IT
administrators ensure the security of the solutions they deploy
across their entire infrastructure, as well as a Trust Bar that will
enable computer users to review security information about the
documents they receive and block potentially harmful content.
Reliability
Over the past few years, we've made great progress in improving the
reliability of our products, as well as other software built on our
platform, through continuous improvement technologies – software
that can diagnose, report, and fix problems as they arise. For
example, the error-reporting features in Microsoft Office 2007
perform thorough diagnostics when applications hang or crash,
including checking the computer's hard disk and memory and verifying
that the customer's software is up-to-date and uncorrupted. This
version automatically diagnoses and fixes many common hardware,
networking and performance issues, and works to protect the registry
and user data in the event of a problem. It can dynamically keep
track of system resources, and help avoid performance and
reliability issues when running a large number of applications.
In corporate environments, Office 2007 provides more tools to help
IT administrators keep track of performance across the network, keep
users' machines up-to-date, and reduce interruptions due to software
or hardware failures.
Looking Ahead
Microsoft has spent the past five years working to transform the
company around Trustworthy Computing, and it has improved by an
order of magnitude in each of the areas noted above. But, there's
still plenty of work to do. We've only tapped a fraction of
computing's vast potential, and the coming years will continue to
bring new innovations that transform how we live and work.
The world of PCs and servers is evolving into a rich web of
connected devices and services and computing has become enmeshed
into the fabric of our lives. This is why Trustworthy Computing has
to do more than address today's challenges – it must ensure that the
innovations people will rely on tomorrow are designed from the
outset to be reliable and secure, respectful of their privacy, and
supported by trustworthy and responsive companies.
For more information about Trustworthy Computing, please visit
www.microsoft.com/twc.