Microsoft: 'Harden your environment'

Businesses shouldn't look to the police, the law or Microsoft to deal with their security concerns, the solution lies with them says Microsoft's chief security adviser
Written by Tom Espiner, Contributor

The chief security advisor for Microsoft UK, Former FBI agent Ed Gibson, on Wednesday said enterprises must take steps to toughen their security environment to foil cybercriminals.

"You have to harden your environment. When I grew up on a farm in Michigan, we took worms and fished with them — but now there's a different kind of worms and phishing," said Gibson. "Criminals are trying to steal proprietary data that is key to your success."

Businesses could not rely on international policing or law alone to protect their intellectual property, Gibson told the MIS WebSec Conference in London on Wednesday..

"We read every day about proprietary data being stolen. We look to law enforcement to ferret out criminals, but law enforcement is jurisdictionally bound. So you look to government, maybe, for harsher laws, but is that the answer?" asked Gibson.

He admitted older Windows operating systems did not have the level of security necessary to counter cybercriminals.

"People ask what's wrong with Microsoft products that means they need updating every second Tuesday of the month. Well Windows 95 and 98 are workhorses, but they weren't built for the demands of today, with organised crime and botnets," said Gibson. "How do you deter these people who want to do everything they can to get into your knickers? You have to harden the environment," Gibson added.

Microsoft has been heavily criticised in the past for poor levels of security in its products, particularly the Windows operating system. Gibson said he would "like to displace some misperceptions about Microsoft's security role".

"Security is a top priority for Microsoft, because it's a top priority for our customers," Gibson said. "When I buy a Microsoft product I want it to do exactly what it says on the box. Now, you get what you ask for.

"Security is an industry problem for all of us. Microsoft is collaborating with you and law enforcement to bring you products that do what they say on the box," said Gibson.

Gibson said that businesses and industry professionals had recognised that other operating systems could be compromised.

"People have recognised [security] is never solely a Microsoft issue. There are other companies who have experienced what Microsoft experienced for a long time. Microsoft being the market leader on most desktops, if there is activity against companies they will probably be using Microsoft products.

"Microsoft platforms are attacked because they are ubiquitous. Now we have more security so hackers are looking elsewhere and attacking companies that didn't experience problems before," continued Gibson.

A recent flaw found in Apple Mac OS X, was deemed "extremely critical" by security company Secunia, and a further 20 holes were later discovered.

"Software is now facing more challenges than ever before — it's like living on a major thoroughfare, you're going to [need to] ensure more protection," said Gibson. "I'm willing to put my personal reputation on the line, and I'm convinced Microsoft continues to take steps to help ensure a safer computing environment."

Gibson was hopeful about the future of e-commerce, despite his concerns about security: "The outlook for e-commerce on the net is very very bright. Let's not get bogged down in problems. The outlook is so good, I would even use your credit card to do a banking transaction online," Gibson told ZDNet UK.

Editorial standards