Interview: Microsoft security chief's new vistas

Ben Fathi knows a thing or two about security. He spent the first half of his 24-year career working as an operating system developer, before moving to management. Before being named head of Microsoft Corp.'s security group, he was the executive responsible for the Server Message Block (SMB) file-sharing protocol, which has had its share of security issues.

His new job as corporate vice president of Microsoft's Security Technology Unit will give him a higher profile outside of the company. He's in charge of Microsoft's response to hacker threats, and he must also lay out the overall security strategy, as developers put the finishing touches on the highly anticipated Vista and Windows Server "Longhorn" products.

Though Fathi claims that he's not as strong a spokesman as his predecessor, Mike Nash, this seems like false modesty. In one of his first interviews since beginning his new job this month, he spoke at length on the wide range of issues before him as he works to keep Microsoft one step ahead of the bad guys. Following is an edited transcript of his interview.

IDGNS: What would you like to achieve a year from now, as head of the security group?

Fathi: One of the areas that I'm really passionate about in security is what we call a trust ecosystem. What I mean by that is taking security from where it is today, where it's viewed by a lot of customers as a defensive technology -- it's seen as a way of blocking bad things from happening on your machine -- and taking that and turning it around into a technology that really enables you to do things securely and seamlessly without having fear. So you can take things like documents and share them with your friends and family or with workers in other companies securely.

We've made a lot of investments in that space, such as ActiveDirectory Federation Services and Rights Management Services. We've made the first steps, but we need to take that a long way, both in the consumer space and in the enterprise space.

I don't know if we're going to have something a year from now. I think for the next six months or so we're going to be concentrating on Vista and then Longhorn server. But that's something that, as we look at post-Vista planning, I've been pushing the team to look at and invest in heavily.

IDGNS: Beta testers have complained that some of Vista's security features make it to too hard to use. How much of a hit will ease-of-use take because of security?

Fathi: A lot of the comments that you've seen in blogs and articles are centered around User Account Control, [UAC] and we took a lot of those comments to heart. We have talked to enterprise customers and we have talked to consumers. And for Beta 2, we've significantly reduced the number of dialogs. For RC1 and RTM we've also continued to do that work. We've added instrumentation into the system so we can monitor the top 100 apps that are having dialogs and pop-ups happen, so that we can work with those ISVs. And in some cases, we actually shim those apps internally. So you will see a large percentage of those problems go away as we get closer to RTM and as we get millions of people using the beta. [RC1 is Release Candidate 1, a follow-up test release of Vista expected later this year. RTM is Release to Manufacturers, the completed version that PC vendors install on their machines.]