Microsoft Struggles To Define Windows Security Plan

Software vendor acknowledges it's shifting gears on how to integrate the security technology into Windows. The company's not yet prepared to spell out the details.

George V. Hulme, Contributor

May 5, 2004

2 Min Read

More than two years into an ambitious plan to develop a new approach to secure computing, Microsoft still isn't sure how it will integrate new security features into its upcoming Windows operating system, known as Longhorn.

Microsoft's Next-Generation Secure Computing Base is a long-term plan to integrate hardware and software to create a highly trusted computing area in Windows systems. Microsoft has been working with hardware manufacturers such as Intel and IBM on this initiative.

With NGSCB, worms and viruses would have a difficult time ferreting their way into the trusted "compartments" created by the technology. Or, to combat piracy, producers of electronic books and digital music could design and distribute their copyrighted material so it only could be played within the secure portion of Windows. The security technology also would provide ways to encrypt data and secure input from devices, such as keyboards, which would eliminate the threat from keystroke loggers for protected applications.

Microsoft still isn't sure how it will integrate the security technology into Windows and isn't prepared to describe how it "will all come together," says Mario Juarez, a product manager in Microsoft's security and technology business unit. But he says such details will be forthcoming this year.

Many of the yet-to-be-announced changes in Microsoft's security plans are a direct result of customer input, Juarez says. "Themes emerged when we spoke with customers," he says. "We have always intended that an application be rewritten to take advantage of what we were offering in this marriage of hardware and software."

However, customers demanded more flexibility. Now Microsoft is working on ways to let independent software vendors and customers benefit from the new security features without having to rewrite the applications, Juarez says.

The original plans were disclosed early in the process and, Juarez says, "there were bound to be changes as we evolved our approach based on customer feedback."

Read more about:

20042004

About the Author(s)

George V. Hulme

George V. Hulme

Contributor

An award winning writer and journalist, for more than 20 years George Hulme has written about business, technology, and IT security topics. He currently freelances for a wide range of publications, and is security blogger at InformationWeek.com.

See more from George V. Hulme
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
SIGN-UP

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

thumbnail
Cyber Resilience
‘They’re Coming After Us’: RSA Panel Explores CISO Legal Pressure‘They’re Coming After Us’: RSA Panel Explores CISO Legal Pressure
byShane Snider
May 6, 2024
3 Min Read
Ambassador-at-Large Nathaniel Fick at the RSA Conference 2024 in San Francisco.
Cyber Resilience
Questions for the Bureau for Cyberspace and Digital PolicyQuestions for the Bureau for Cyberspace and Digital Policy
byJoao-Pierre S. Ruth
May 16, 2024
5 Min Read
Business person draws a creative business project
IT Leadership
Why CIOs Are Under Pressure to InnovateWhy CIOs Are Under Pressure to Innovate
byLisa Morgan
May 15, 2024
8 Min Read
DNA (deoxyribonucleic acid) strand, illustration.
Data Management
DNA is an Ancient Form of Data Storage. Is it Also a Radical New Alternative?DNA is an Ancient Form of Data Storage. Is it Also a Radical New Alternative?
byRichard Pallardy
May 7, 2024
15 Min Read
Business innovative solution and creative concept as a paper boat tied to a light bulb
IT Leadership
9 Ways to Ensure Continuous Innovation9 Ways to Ensure Continuous Innovation
byLisa Morgan
Apr 2, 2024
9 Slides
Webinars
More Webinars
White Papers
More White Papers
Live Events
More Live Events
Reports
More Reports
May 2, 2024
While there are plentiful options in cyber resiliency and business continuity tools and platforms, there isn’t one that can knock out everything from sudden cloud outages to prolonged ransomware attacks in a single punch. What can you do to keep the company on its feet no matter what is thrown at it? Find out in this new virtual event.
Reserve Your Seat Now