Ben Fathi is the vice president of the Security Technology Unit at Microsoft and is responsible for the overall security of Microsoft's products as well as the development process known as the Secure Development Lifecycle. He took a few minutes recently to talk about the security features in Windows Vista and how Microsoft's security play will affect third-party vendors.
Continue Reading This Article
Enjoy this article as well as all of our content, including E-Guides, news, tips and more.
What are the early returns like from customers on the new security features in Vista?
Fathi: The feedback has been almost universally positive. We've had a huge number of beta customers, something over a million of them, running the earlier versions of Vista, so we've received a lot of security, performance and reliability feedback from them. There are a number of utilities in Vista that can send data back to us automatically whenever something hangs or crashes and we can collect and analyze that and look for spikes that indicate problems. Talking to customers, the security aspects of Vista get a lot of mentions. We've spent a lot of time improving the usability of the security controls like User Account Control to reduce the number of pop-ups customers get.
If we have another conversation in six months, what kind of security performance would you like
to see from Vista at that point?
Fathi: Obviously zero vulnerabilities would be great. I'd be dancing in the streets with that. But the number should be very small. I'm hoping for a reduction of at least 50 percent over XP. One thing that happens when a new OS comes out is that the research community shifts its attention to the new version. But because of the defense in depth approach that we've taken, it improves the end-user experience so that if there is a vulnerability, they're protected.
With big vendors such as Microsoft and Cisco building more security into their products, does
that reduce the opportunity for independent security vendors over time?
Fathi: I hope and believe that there's plenty of opportunity for them to innovate and add protections both on top of and underneath the system. There are a lot of categories that we're not going to get into. But as we improve the security of the base product, some of the other vendors' products may not be as interesting as they once were.