BF: There are six different areas that we call “Big Bets” that have been identified in my division. I will mention two. The first, Application ID, is a way to identify an application that includes an executable, the library it uses, configuration files, registry settings, any patches that are applied to it. So you’ll have a cryptographically signed version of the application, and you’ll be able to identify that and whitelist or blacklist that.
When we talk about a trust ecosystem today, the ability to trust people based on an ID and trust machines based on an ID, we can’t do that with applications. If it’s called powerpoint.exe, we go and run it. So having strong IDs based on the application and [making] sure they haven’t been tampered with after download is an important investment for us.
The second area is isolation. Creating guest operating systems that sit on top of hypervisors allow us to create better isolation mechanisms so that even if malware comes in, it only affects one subset of the machine and not everything else. We’ve done some great work on server hypervisors and server virtualization. We need to extend that to the client. We’re seeing partners do that already, and so we’re going to invest in that space.