Steve Ballmer: Combating cyber thieves, con artists, terrorists and hackers

In the aftermath of Blaster, Microsoft CEO Steve Ballmer is promising to help overcome the new wave of destructive code by raising the bar for security of Microsoft products.
Written by Dan Farber, Inactive
We're entering a new era of innovation that will dwarf previous generations, compounding all that came before. We have only traversed the "first few miles on the odometer of innovation."

That's the gospel according to Microsoft chief executive officer and head preacher Steve Ballmer. With that bit of prosaic wisdom, Ballmer kicked off his speech at the Churchill Club, a gathering of Silicon Valley businesspeople.

While Ballmer argued that a "dangerous complacency about innovation" pervades the world these days, he spent most of his time describing how Microsoft is going to deal with its biggest headache--the lack of security and increasing exploitation of vulnerabilities in the Windows platform.

"There is another new and growing challenge to innovation--the need for the highest levels of security in a world that is frankly full of thieves, con artists, terrorists and hackers," Ballmer said. "Many of our customers are feeling the pain, and they are frustrated by vulnerabilities, frustrated by patches, they are concerned about the threats that hackers pose to their systems, and businesses are taking a hit at the bottom line level. Our company and our industry have to hit on all cylinders to meet this new challenge, which in and of itself again threatens innovation."

Steve Ballmer: Microsoft humbled by the worm
More video: Ballmer talks up new security "shield"

OK. We get the picture. Microsoft is under siege, deeply frustrated, concerned and threatened by the constant stream of Windows vulnerabilities.

"It's a tough problem," Ballmer said. "If someone said to me today you could wake up and write a very large check and make all of those problems go away...if that were an available option, I would seize the option in a second. But that's not the way the world works."

Of course, Ballmer promised to help overcome the new wave of destructive code by raising the bar for security of Microsoft products; working with law enforcement to find and prosecute hackers; getting the message out and providing guidelines to users for creating a more secure infrastructure; providing intelligent tools to developers that look through source code to identify potential vulnerabilities; and improving the speed, resiliency and distribution of patches. For example, he noted, when a patch is published, malicious hackers reverse engineer it and create exploitative code before the patch can be widely distributed.

Microsoft has made some progress on various security fronts, but Ballmer contends that innovation is the key: "Looking to innovation to help address security threats is the right approach," Ballmer said. "It's the passion to innovate that will continue to lift the industry to the next level of customer satisfaction. In tough times, we have to reject the idea that good enough is OK." It is important to focus on innovation, especially to develop new standards and solutions with the rest of the industry, but just making the patching process less cumbersome would be a good start.

He singled out "shield" technology as the most important area of innovation related to security. "We know the bad guys keep writing viruses," he said. "Our goal has to be to block them before they can ever get onto those PCs. Regardless of the cost and investment required of us, we are absolutely committed to try to accomplish this notion of shielding."

This sounds like some kind of Star Wars technology--the Windows deflector shield--that puts an invisible force field in place to protect systems from intruders and deflects criticism from Microsoft at the same time. Perhaps it's a future generation of firewall technology that is impenetrable by malicious hackers, but that would not follow the typical history of innovation in which the good guys and the bad guys leapfrog each other with their innovations.

It may be that blowin in the wind, rather than innovation, is the answer. Ballmer is more of an optimist, however. He is hoping that other companies will join the quest and invest in a combination of security technologies so that the innovation curve in security remains high.

"We are fully committed to meeting security threats while continuing to innovate," Ballmer said. "We believe better security and constant innovations go hand in hand."

In part, Ballmer is arguing that corporations need to invest in IT and innovation, rather than "turning the thumbscrews down" on IT spending.

In a perfect world, corporations start spending more on IT to make their businesses more efficient and competitive, which requires more secure infrastructure products, which will necessarily drive innovation in security solutions, which puts the industry back on a path to stronger growth and profitability, and, of course, innovation. At the very least, it's an economic recovery plan as well as a way to make modest progress against the malicious and destructive hackers.

Do you think that innovation is the cure for security ills or just enforcing effective policies and procedures? Use TalkBack to let your fellow ZDNet readers know what you think. Or write to me at dan.farber@cnet.com. If you're looking for my commentaries on other IT topics, check the archives.

Editorial standards