Ben Fathi knows a thing or two about security. He spent the first half of his 24-year career working as an operating system developer, before moving to management. Before being named head of Microsoft\u2019s security group, he was the executive responsible for the Server Message Block (SMB) file-sharing protocol, which has had its share of security issues. His new job as corporate vice president of Microsoft\u2019s security technology unit will give him a higher profile outside of the company. He\u2019s in charge of Microsoft\u2019s response to hacker threats, and he must also lay out the overall security strategy, as developers put the finishing touches on the highly anticipated Vista and Windows Server "Longhorn" products.Though Fathi claims he\u2019s not as strong a spokesman as his predecessor, Mike Nash, this seems like false modesty. In one of his first interviews since beginning his new job this month, he spoke at length on the wide range of issues before him as he works to keep Microsoft one step ahead of the bad guys. Following is an edited transcript of his interview.IDG: What would you like to achieve a year from now, as head of the security group?Fathi: One of the areas that I\u2019m really passionate about in security is what we call a trust ecosystem. What I mean by that is taking security from where it is today, where it\u2019s viewed by a lot of customers as a defensive technology\u2014it\u2019s seen as a way of blocking bad things from happening on your machine\u2014and taking that and turning it around into a technology that really enables you to do things securely and seamlessly without having fear. So you can take things like documents and share them with your friends and family or with workers in other companies securely. We\u2019ve made a lot of investments in that space, such as ActiveDirectory Federation Services and Rights Management Services. We\u2019ve made the first steps, but we need to take that a long way, both in the consumer space and in the enterprise space. I don\u2019t know if we\u2019re going to have something a year from now. I think for the next six months or so, we\u2019re going to be concentrating on Vista and then Longhorn server. But that\u2019s something that, as we look at post-Vista planning, I\u2019ve been pushing the team to look at and invest in heavily.IDG: Beta testers have complained that some of Vista\u2019s security features make it too hard to use. How much of a hit will ease of use take because of security?Fathi: A lot of the comments that you\u2019ve seen in blogs and articles are centered around User Account Control [UAC], and we took a lot of those comments to heart. We have talked to enterprise customers, and we have talked to consumers. And for Beta 2, we\u2019ve significantly reduced the number of dialogs. For RC1 and RTM, we\u2019ve also continued to do that work. We\u2019ve added instrumentation into the system so we can monitor the top 100 apps that are having dialogs and pop-ups happen, so that we can work with those ISVs. And in some cases, we actually shim those apps internally. So you will see a large percentage of those problems go away as we get closer to RTM and as we get millions of people using the beta. [RC1 is Release Candidate 1, a follow-up test release of Vista expected later this year. RTM is Release to Manufacturers, the completed version that PC vendors install on their machines.]We also did something that I just announced last night: the ActiveX installation service. This is something we\u2019ve heard from our enterprise customers. They want to have the ability for an administrator to have an MMC [Microsoft Management Console] where they can approve internal websites or partner company websites and list the applications that can basically be white listed. So standard users can install those. We have done that, and that will be available in RC1.The other issue that we have thought about for UAC is parental controls for the consumer space. That\u2019s also in Beta 2.So I agree with you that there\u2019s a certain amount of annoyance, but you can expect that with any product that in beta, and we are committed to significantly improving the usability of this.IDG: Is client security something that Microsoft ultimately wants to be selling years from now, or do you want to get to the point where the operating system is just secure enough?Fathi: If you look at OneCare, for example, OneCare is not just about security. It\u2019s about management; it\u2019s about taking over a consumer\u2019s machine and helping them in every way we can with everything from antivirus and antispyware to automatic backups, doing performance tuning, doing patch installation, and simplifying the overall management of that system. You\u2019re going to see complete management and simplification solutions from us, and one aspect of that is going to be security. Whether it\u2019s a big aspect or a small aspect is going to change over time. Some of those pieces of functionality will eventually make it into the OS, and we\u2019re going to look for other things we can do in a management solution to simplify people\u2019s lives.IDG: Right, but on the corporate side you have Forefront Client Security, which doesn\u2019t do management. Either way, some of the things you talk about sound like features I would want in my operating system. Do you really think that it\u2019s going to be necessary to sell this type of product five years from now?Fathi: I don\u2019t know. We\u2019ll let the customers decide. That\u2019s what it\u2019s all about. Let them have the choice and see what their feedback is, and continue to innovate in those spaces.-Robert McMillan, IDG News Service (San Francisco Bureau)Related Links:\n\n\n\nMicrosoft Security Becomes \u2018Forefront\u2019This article is posted on our Microsoft Informer page. For more news on the Redmond, Wash.-based powerhouse, keep checking in.Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.