Ballmer: Have To Assume Code Will Be AttackedBallmer: Have To Assume Code Will Be Attacked

Microsoft CEO Steve Ballmer reiterated the company's commitment to improving the security of its products this week in Washington, D.C., where he met with Secretary of Homeland Security Tom Ridge and other government officials. Speaking at a luncheon on Wednesday, Ballmer said security is not just one priority but "the top priority" at Microsoft.

He said he's spending a significant amount of the company's $7 billion R&D budget on security measures. Microsoft is creating "isolation" tools that rebuff malicious code and make PCs more resilient to attack, making software updates easier to do, and engineering software with security in mind. "Code needs to be written with the assumption it will be attacked," Ballmer said.

While Windows 2003 has generated 75% fewer security bulletins in its first 11 months than its predecessor, Ballmer acknowledged that there has been a "dramatic increase in the frequency, boldness, and sophistication" of hacker attacks. "These are crimes that we need to anticipate and act against."

While there are no plans to include antivirus software in future operating systems, Ballmer says, Microsoft "can't be close-minded about" it. For the time being, the company will continue to work with RSA, Symantec, and other security-software vendors.

Looking at larger security issues, the head of the Center for Strategic and International Studies, which co-sponsored the luncheon, said homeland security is a public-private endeavor. "The private sector has to lead," said John Hamre, CEO of the Washington think tank.

For his part, Ballmer said government not only has a pivotal role in collaborating with private industry on research and consumer education but also in implementing a criminal-justice system that deters hackers.