In a move that clarifies a few of Microsoft's near-term and long-term security initiatives, but mostly reiterates already-discussed topics, chairman and chief software architect Bill Gates e-mailed a long letter—Progress Report: Security—to customers on Wednesday morning. This precedes both a series of security summits Microsoft will be holding in New York next week and an April 7 speech on security that CEO Steve Ballmer will give at the Center for Strategic and International Studies in Washington, DC.

"Only in the last few years have the Internet, high-speed connections and millions of new computing devices converged to create a truly global computing network in which a virus or worm can circle the world in a matter of minutes," says the e-mail, which also focuses on the changing types of threats coming from worms such as Blaster. The communiqué goes on to say that Microsoft is investing in four key areas to improve security: isolation and resiliency; updating; quality; and authentication and access control.

The discussion of isolation and resiliency mentions several security elements to be built into Windows Service Pack 2, slated for release in late spring or early summer. For example, the service pack will switch on Windows Firewall by default to reduce the "attack surface" of PCs and networks. Internet Explorer will be configured to automatically block pop-ups and unsolicited downloads unless a user clicks on a download link. The update will also take steps to obstruct the many viruses that cause buffer overruns, which copy excess data that includes malicious code into limited areas of a computer's memory. The e-mail concedes, though, that "no single technique can completely eliminate this type of vulnerability." Windows Server 2003 Service Pack 1, due in the second half of this year, will incorporate several of the Service Pack 2 security features that are relevant to servers.

Microsoft will also introduce a new technology, Exchange Edge Services, designed to block incoming and outgoing malicious e-mail and spam, defend against e-mail server attacks and email-borne viruses, and encrypt messages. In addition, the effort is designed to provide a foundation on which third-party developers can build technologies such as next-generation e-mail filters and e-mail encryption products, according to the e-mail.

To complement the existing Windows Update service, later this year Microsoft will add one called Microsoft Update to keep consumers up to date on patches for non-Windows products. And the company is working on Security Center, a technology that will be added to the Windows XP Control Panel and inform users about whether key security capabilities are turned on and up to date.

The e-mail from Gates rounds up several of the authentication efforts the company is making. It discusses support for smart cards in Windows Server 2003 and Windows XP, and says that "further out, the Tamper-Resistant Biometric ID Card system will provide an innovative, simple and affordable solution for providing cryptographically secure photo-ID cards using a unique combination of public key cryptography, compression, and barcode technologies."

The summits Microsoft is holding next week will be part of several new efforts to educate customers about its security initiatives. As part of that, the company has launched a Security Guidance Center for developers and IT professionals. The center will include checklists, tools, and other information. Consumers can find similar information at www.microsoft.com/security.

Gates's e-mail mostly discusses already-announced initiatives, but also rounds up some new ones, and he and Ballmer have previously said that security is the number one priority for the company's development efforts. "Security is as big and important a challenge as any our industry has ever tackled," the e-mail concludes. "Technology has come an incredibly long way in the past two decades, and it is far too important to let a few criminals stop the rest of us from enjoying its amazing benefits."