ORLANDO (10/21/2003) - Speaking in separate sessions Tuesday at the Gartner Symposium/ITxpo in Orlando, Microsoft Corp. Chief Executive Officer Steve Ballmer and Intel Corp.'s chief Craig Barrett discussed the looming security issue.
Both executives acknowledged that security is a problem, but each sent the message that it will be manageable in time.
Ballmer has been spreading the word that Microsoft is making security a top priority and building better security into its products. Two weeks ago, Ballmer said security is a defining moment for Microsoft, as important as its 1995 decision to embrace the Internet.
Tuesday morning, Ballmer said the security of Windows is actually on par with that of rival Linux, primarily because Microsoft pays its developers to make sure of it.
"There's no reason to believe [Linux] will be higher quality. I'm not going to say it will be worse," he said.
Ballmer pointed as an example to the improvements Microsoft has made between Windows 2000 and Windows 2003. In the first 150 days after Windows 2000 was released, he said, CERN found 17 critical vulnerabilities. In the first 150 days after Microsoft launched Windows 2003, there were four critical vulnerabilities.
"In the first 150 days of Red Hat Inc.'s 6.0, it was five to 10 times that [number of vulnerabilities]," Ballmer said.
Still, Ballmer conceded that for most of Microsoft's customers, four critical vulnerabilities are too many.
"We've made dramatic strides. It's still not good enough, but we have made dramatic strides," he said. "I know we need to do better. We're in the position where the hacker only needs to find one hole, but we have to protect [against] them all."
Gartner analyst Tom Bittman asked Ballmer if the industry will still have the same security problems with Microsoft software a year from now.
"I hope not. I think not. We have that as priority No. 1," Ballmer answered. "We're not going to let anything stand in the way."
In Barrett's discussion, Gartner analysts asked about his outlook on security.
"In five years' time it will be better," Barrett said. "Security is a manageable issue."
The topic of vendor accountability for security problems also arose.
"The system always seems to work better if private enterprises can deal with these things than if the government does," Barrett said.