Everyone, from computer users to software vendors to government agencies is responsible for cybersecurity, Steve Ballmer, head of Microsoft has exclaimed.
Talking at the Center for Strategic and International Studies in Washington DC, Ballmer didn't outline any new security initiatives but did go through Microsoft's previous efforts since security was officially named as the company's top priority over two years ago.
He reiterated what has become Microsoft's fall-back defence of the XP service pack 2 whenever it has faced another embarassing security issue, mentioning yet again that it will have the firewall turned on as a default. He said a similar update to the company's server operating system was also coming. Future versions of the Internet Explorer browser will block automatic pop-up ads and downloads without the user's permission.
"Security is absolutely the - I was going to say 'a,' but I'll say 'the' -- top priority at Microsoft," Ballmer went on.
Microsoft is also working on ways to block viruses and worms before computers execute their code, he added. "The computer can look at the code and say, 'It doesn't smell right to me. I won't execute this without asking the user for permission'," Ballmer said outlining "active protection technology", but failing to explain when the talking, thinking computers would be released onto the market.
But Microsoft and other software vendors aren't alone in their responsibility to secure computers and the Internet, Ballmer said. He called on government agencies to work with vendors on security research, to pass laws that target cybercriminals and to help raise public awareness about cybersecurity.
"As a global leader in software, our company and our products are often the prime target for cybercriminals. Yet, this is not really about any single technology or computing platform or company. It's bigger than any single company." Wishful thinking certainly, but with a clear element of truth as well.
This week, Ballmer talked to Tom Ridge, secretary of the US D epartment of Homeland Security, about ways to better anticipate cyberattacks. "The kinds of attacks we've seen - that have these kinds of crazy names like Blaster and SoBig and MyDoom - once unimaginable, are crimes we need to both anticipate and act against," Ballmer said.
Ballmer also called on individual computer users to take responsibility for their own corner of cyberspace. Computer users need to keep up with software updates, use personal firewalls and keep their anti-virus software up to date, Ballmer said. Less than 30 percent of computer users using antivirus software keep it current, he said.
"This is not only a responsibility to themselves, but also to their neighbours," Ballmer added. He compared the security of the Internet to maintaining highway systems: Car makers have a responsibility to make safe cars, governments have a responsibility to maintain highways and drivers have a responsibly to drive and maintain safe vehicles, he said.
Ballmer was asked by an audience member if the predominance of the Windows operating system adds to security problems. Ballmer had acknowledged Microsoft products as a major target of hackers, but he denied that more competition would aid security. "The truth is hackers will go after one or two or three [operating systems]," Ballmer said. "They will go after what's popular."
Ballmer called on IT vendors to work together to improve security. "Everyone in the IT industry is used to competing, but on cybersecurity, we know we have to come together and collaborate in very new ways," he said. "These are real threats, and the stakes for society and our economic future and national security are very high."