Microsoft Chairman Bill Gates announced to employees yesterday a major strategy shift affecting all products, including flagship Windows software, that emphasizes security and privacy over new capabilities.
In an e-mail message to employees obtained by the Associated Press, Mr. Gates referred to the new philosophy as “Trustworthy Computing” and called it the “highest priority” to ensure that computer users continue to venture across an increasingly Internet-connected world.
Mr. Gates said the new emphasis was “more important than any other part of our work. If we don’t do this, people simply won’t be willing or able to take advantage of all the other great work we do.”
“When we face a choice between adding features and resolving security issues, we need to choose security,” Mr. Gates continued. “Our products should emphasize security right out of the box.”
The change comes after the discovery of major security problems in Microsoft products, such as a flaw in the latest versions of Windows that allowed hackers to seize control of a user’s computer. Another problem allowed the Code Red viruses to cripple hundreds of thousands of computers running Microsoft products.
Mr. Gates also referred to the September 11 terrorist attacks as another impetus to emphasize security.
He noted that events from last year, from the terror attacks to the virus outbreaks, “reminded every one of us how important it is to ensure the integrity and security of our critical infrastructure, whether it’s the airlines or computer systems.”
Microsoft products can be found in almost every government facility, from the White House to aircraft carriers at sea. One person with knowledge of the change said new products and features will be tested for security risks before going any further if they fail, the feature won’t be included.
“Things are going to have to go through a crucible, and the crucible will be security first,” according to this person, who spoke only on the condition of anonymity.
Compensation plans of Microsoft product engineers, such as raises and bonuses, also will be tied to how secure they make products.
Russ Cooper, a security expert with TruSecure Corporation, said the change occurred in part after a new security team assigned to attend every product meeting met resistance from product teams.
Microsoft has long been criticized for focusing on making products more feature-rich rather than emphasizing security and stability. For example, Windows XP added DVD player software, a rudimentary Internet security utility and a new instant-messaging program.
Customers could also see a downside, though. Other than fewer new features, product upgrades could come less frequently or could be pushed back.
Privacy is also a focus.
“Users should be in control of how their data is used,” Mr. Gates wrote. “It should be easy for users to specify appropriate use of their information including controlling the use of e-mail they send.”