Scott Charney: Microsoft's security chief reveals all


Shortly after the 9/11 bombings, Microsoft hired Scott Charney, a federal prosecutor for the US Justice Department, to head up its Trustworthy Computing division. At AusCERT 2008, ZDNet.com.au caught up with Charney to hear his thoughts on how those events changed the security landscape and what he thinks about the current state of IT security.

The Trustworthy Computing division's sole task was to ensure that Microsoft made security the highest priority when developing products.

Scott Charney, VP of Microsoft's Trustworthy Computing Group

Charney was an interesting choice for Microsoft. In his role as lead federal prosecutor for the US Department of Justice's criminal division, he worked on every major hacking case in the United States between 1991 and 1999.

The first real evidence that Microsoft had changed its ways came with the release of Windows XP Service Pack 2, which contained an improved firewall, had auto-update turned on by default and consolidated security controls into a single "security centre". According to Microsoft, the update made Windows XP 15 times safer.

In this exclusive eight-part video interview, Charney discusses Microsoft's current approach to security, what challenges lie ahead and what has gone wrong in the past.


Munir Kotadia


Liam Tung


Talkback

4 comments
  • Mwahahhahaaaaa...........

    Microsoft.....security....microsoft ?...security ????

    Mwahahahhahahhahahaaaa.....!!!!!!!

    *wipes eyes*

    Ahhhhhhh........... thanks, I needed that.
    anonymous
  • And everyone else is to blame.

    So it's the users and the applications that are the problem, not the shoddy OS they use or run on.
    It's all so clear to me now!
    So this means they're finally throwing in the towel and now not even bothering to try and defend their products, they're just going to try and shift the blame elsewhere.
    "Yes Your Honour, it was the victim's fault. If he hadn't have walked down that dark alleyway with that money then none of this would ever have happened. My client is blameless"

    Oh, why did they put a lawyer in this position anyway? Surely someone with a clue about the issues would have been more appropriate? Having said that, I think his job is the most unenviable in the Redmond structure, that and chair replacement guy for Ballmer.
    anonymous
  • hear hear

    good call Anon.
    anonymous
  • MS Security - via Xenix!

    Ahh!! History and total amnesia at Microsoft.

    In the 1980s to the 1990s Microsoft sold - wait for it - its own version of UNIX - named "Xenix" - still a trademark of Microsoft - and - more - it was largely used for internal systems at Microsoft at the time!

    Now - guess what - that same Xenix became "Trusted XENIX" via a company called "Trusted Information Systems (TIS)" in the USA and it received a very high security "rating" of B2. John Ulett was the MS marketing manager for many years.

    Then - of course - there was MS "Palladium", renamed NGSCB - Next Generation Secure Computing Base - project. What happened??

    No application can be any more secure than the operating system it runs upon... and that is the truth that Scott has to start admitting - and MS to start fixing! Yes - NGSCB gave us some direction with its "Nexus" trusted computing base direction. It should have been IN VISTA - now!

    After all - we should well and truly be operating in some form of "Flexible Mandatory Access Control or FMAC" by now - the direction that SELinux and SUN's Solaris 10 are both moving into - with availability NOW.
    anonymous