November 14, 2001, 12:00 AM — Microsoft Corp. Chief Technology Officer Craig Mundie has one of the
most difficult jobs in a company full of difficult jobs. The tough-
speaking executive has found himself on several occasions addressing
red-hot issues at the time in which they were most heated -- such as
talking to a roomful of Linux developers in July, just weeks after
Microsoft executives had compared their operating system of choice to a
Tuesday, just one week after an independent programmer managed to write
a program that could expose credit card information stored in
Microsoft's Passport authentication service database, Mundie found
himself in a similar pinch: standing before nearly 150 industry
executives and security experts talking about the security behind
Microsoft's lofty plan for the Internet, called .Net.
As seen in the recent security snafu with Passport, the key
authentication technology that will facilitate .Net, Microsoft still
has a ways to go before it can ensure that its plans for pervasive
computing will be secure. Speaking at Microsoft's campus here, where
the company is hosting a three-day Trusted Computing Forum, Mundie
conceded that and extended an olive branch to those who might be able
to help solve the problems.
"Despite best efforts by smart people, it is unlikely that computing
will ever be perfect," Mundie said, comparing the problems facing the
technology to those faced with several innovations in history, from the
telephone to the credit card. "I don't think the people who designed
these networks ever would have predicted the problems they would face.
"In a way you could say it was a bit naive," he said.
But programmers have found ways to exploit Microsoft's naivete,
spreading worms such as Code Red and Nimda through Microsoft's Internet
Information Server software, and this has raised serious questions
regarding how the company and the industry can progress without falling
victim to similar malicious computer attacks.
Still, growing industry support was witnessed here in the comments from
attendees, many of whom are Microsoft's biggest critics and competitors.
"There is a lot to be said about Microsoft's progress in cooperating
with the industry on privacy," said Tatiana Gua, senior vice president
of integrity assurance at America Online Inc., the Internet service
division of AOL Time Warner Inc., who attended Mundie's presentation.
Citing the addition of new security technologies in its products, such
as P3P (Platform for Privacy Preferences) and Microsoft's efforts to
step up its cooperation with industry standards groups, Gua expressed
some support for Mundie's presentation. Still, she criticized some of
the technical points in Microsoft's security strategy.