Microsoft's Mundie on Trustworthy Computing, Palladium and the competition

Computerworld - Craig Mundie, chief technical officer of advanced strategies and policy at Microsoft Corp., has responsibilities that span the company's entire product line. Most recently, he has become Microsoft's chief spokesman on its Trustworthy Computing security initiative.
The following are more excerpts from Mundie's interview with Computerworld reporter Carol Sliwa.

Was the Visual Studio tool affected much by security breaches in the past? In an ironic way, it turns out yes. It had issues. For example, the old version of Visual Studio before the .Net version had a built-in capability where it used the IIS [Internet Information Server] Web publishing capability to allow collaboration between developers. The number of developers who used that feature to collaborate wasn't very high. But what it did is it actually forced the installation of the IIS server on every desktop of every developer.
When we discovered that the full IIS suite had a bunch of security issues in it, you could say it would have been bad enough if it was just all the servers that had to be administered and patched. But in some sense, you had to go back and patch every desktop of every developer who had installed that thing. Why? Because the default was to install the feature, and even though it was a relatively lightly used capability, they were all out there.
So there you see the kind of changes that come about when we get people's heads to change. We want minimum attackable surface area, maximum security by default, and that actually affected the design of Visual Studio .Net.

Why do you think other companies haven't focused on security to the degree that you say you have? I don't know. I mean, you have to admit that the last year has been kind of a tough year for folks. Doing this takes extra time and costs real money, and to some extent, this has not been a year where most companies are looking to hire extra people, spend extra time and spend more money.
I think, in a way, it shows the mettle of Microsoft in terms of our willingness to keep investing in R&D, even when things are really, really tough economically. And I think it is a hallmark of the company. I think it will be something that distinguishes us in the years ahead.

How would you grade Microsoft's progress? In some ways, I actually think we've done better than I expected, because frankly, if you'd asked me a year ago, "Would we really be able to