Ballmer Pushes for War on Hacking

Microsoft (Nasdaq: MSFT) CEO Steve Ballmer is ratcheting up the computer industry establishment's pressure on hackers, meeting this week in Washington, D.C., with Homeland Security Secretary Tom Ridge and IT industry leaders to decry Internet crime.

Ballmer observed that the circle of active hackers today is largely "far-flung and anonymous" but could wreak havoc on the country's computers "in a matter of minutes."

Speaking before an audience of IT insiders, sponsored by the Center for Strategic and International Studies (CSIS), a think tank, Ballmer also outlined Redmond's antihacker and antispyware strategies. He indicated that in coming months, Internet Explorer will be bolstered with anti-pop-up protection and improved e-mail integration to kill spam.

But he also stated that Windows will continue to be a target of Internet thugs because of its pervasiveness. "If there are one or two or three operating systems that have some high percentage of the market, then hackers will continue their evil doings," said Ballmer during the speech. "If there were 100 million operating systems, no one would attack."

Antivirus Software Outdated

Noting that only 30 percent of antivirus software installed on PCs is up to date, Ballmer said responsibility for security rests with everyone, not just the government or developers. "Every individual, every business, every organization, every government agency that uses a computer also has a responsibility to ensure that they're protected," he noted.

Ballmer said home computer users need to install firewalls, up-to-date security and antivirus software, while business users need to be more vigilant as well.

"The best lock in the world is useless if the front door is left open or the key is under the mat," he said.

Microsoft is working with the Business Software Alliance and an industry group on Internet security cooperation. In the future, Ballmer said, new computers featuring "active protection technologies" may make PCs more resistant to malicious viruses and worms. Those technologies are already in development.

Firewall on by Default

"One example of this is what's called 'behavior blocking,' which are really technologies identifying and intercepting code that looks suspicious before the computer is infected," said Ballmer. "A protected computer will say, 'I won't execute this without asking the user for permission.' And that's really an important area of breakthrough." Some security measures that incorporate this behavior-blocking technology will come to market more quickly.

For example, Windows XP Service Pack 2, poised to debut in late spring, will feature a Windows firewall that will be turned on by default and an Internet Explorer update that will automatically block unsolicited downloads from Web sites -- unless the consumer explicitly clicks on a download link.

Previously, "with the Slammer and Blaster worms, you were protected if your software was up to date -- but even if you were running old software, you were still protected if the firewall in Windows XP was turned on," Ballmer said.

In years past, customers did not want the firewall turned on automatically, so Microsoft let them do it themselves. Not anymore.

Changed World

"The world has changed since then," said Ballmer. "Users can still turn the firewall off in this new service pack; but otherwise, it's going to be on from the day people download the service pack or get a new computer with Service Pack 2 installed."

The remarks came during the same week that the federally funded Computer Emergency Response Team (CERT) released its annual report on hacking and viruses for 2003.

The new report, obtained by TechNewsWorld, said that from January through December 2003, the CERT Coordination Center received 542,754 e-mail messages and more than 934 hotline calls reporting computer security incidents or requesting information.

"We received 3,784 vulnerability reports and handled 137,529 computer security incidents during this period," the report said.