Microsoft Chairman Bill Gates surprised analysts Tuesday during his keynote address at the RSA Conference 2005 security show in San Francisco, announcing that his company would offer its AntiSpyware product to consumers for free and issue a major new version of Internet Explorer (IE) for Windows XP Service Pack 2 (SP2) users later this year. Previously, Microsoft had pledged to not ship a new IE version until Longhorn, which is due in May 2006.
"Our primary goal is to improve security and safety for all our customers--consumers and businesses, regardless of size--through a balance of technology innovation, guidance and industry leadership," Gates said. "We're committed to continued innovation that addresses the threats of today and anticipates those that will undoubtedly emerge in the future." In addition to the AntiSpyware and IE news, Gates also pledged to release a paid, managed version of Microsoft AntiSpyware for businesses, announced the completion of the long-delayed Internet Security & Acceleration (ISA) Server 2004 Enterprise Edition, and briefly discussed the company's antivirus plans.
Microsoft's decision to release Microsoft AntiSpyware for free is a good one: Arguably, the many security problems in its IE application are largely behind the growing malware threat that Windows users face today. "Spyware ... is something we need to nip now," he said. "We made the decision that all of our Windows licensees should have [antispyware] capability." Gates noted that over 6 million people have downloaded the free Microsoft AntiSpyware beta since it was released in January. He also noted that the free Malicious Software Removal Tool, which is automatically downloaded from Automatic Updates and Windows Update, has been installed and run on over 133 million PCs since the first version shipped in January.
News of a new IE version--which Gates says will be called Internet Explorer 7.0--was also unexpected, mostly because the company had routinely denied that it could possibly ship such a program. As recently as November 2004, Microsoft Director of Windows Product Management Gary Schare went on a press tour to discuss misconceptions in the press about Internet Explorer security and he told me at that time that Microsoft would not ship a major new IE version until Longhorn. That's all changed: Responding somewhat gallantly to the requests of customers, Microsoft is instead changing its browser strategy and will release IE 7 in 2005.
Now, the decision to ship a new IE version comes with many caveats. First, IE 7 will only be made available to Windows XP Service Pack 2 (SP2) users: Customers using previous versions of XP or other Windows versions need not apply. Microsoft justifies this decision by noting that only XP SP2 includes the secure underpinnings necessary to help secure IE 7. Also, while Gates noted that IE 7 will include major new security enhancements, including technologies to combat phishing, malicious software and spyware, he was tight-lipped about whether IE 7 would include major new functionality. Many customers, for example, have been asking Microsoft to add the tabbed browsing capability that is common in other browsers, such as Mozilla Firefox. Finally, Gates noted that the same IE 7 version its shipping later this year would be rolled into Longhorn in 2006.
As far as Windows XP SP2 goes, however, Gates had nothing to report but success. There are now over 170 million copies of XP SP2 distributed to customers worldwide, Gates said. And 77 percent of the 800 enterprise customers Microsoft polled recently told the company that they are committed to deploying XP SP2 within the next 6 months.
Gates also announced that a beta version of Microsoft Update, the online Web service that will eventually replace Windows Update and add support for updating all supported Microsoft applications, servers, and services, will appear in mid-March. Also, the long-awaited Windows Update Services (WUS), which replaces Software Update Services (SUS), will ship in the first half of 2005: This tool will help small and medium businesses develop a patch management infrastructure in-house for free. And the Enterprise Edition of Microsoft Internet Security and Acceleration (ISA) Server 2004 is finally complete, Gates noted: ISA Server 2004 Enterprise Editions adds enhanced manageability, scalability and availability, according to the company.
As for Microsoft's expected antivirus solution, Gates had little to say. It will be a "broad consumer offering," he noted, and become available by the end of the year. That's a lot later than many had thought, with some analysts predicting that Microsoft's antivirus solution would soon ship in beta form at least. Gates never discussed licensing or pricing, nor did he offer many details about the enterprise antivirus product the company will offer based on Sybari technologies.
Despite the amazing array of security-related announcements, Gates didn't express much confidence that the company would absolutely be able to repel every electronic attack. "I'm very optimistic [that] we will be able to mitigate the security problems," he said. That's nice, but it's a far cry from an unequivocal pledge to end the pain Windows users feel.