The turn of the millennium saw significant change in the world of computing, with the adoption of the Internet and growing personal computer use in industry and at home. The changes fueled further adoption of technology, significant innovation and empowerment of literally billions of people around the world. The 10 years after the millennium have been referred to as the "Digital Decade."

The year 2000 welcomed a number of technological innovations that kicked off a decade of increasing capabilities at decreasing costs. Recommended hardware when Windows XP released was 128 MB of memory, at least 1.5 GB of available disk space and a Super VGA adapter that supported at least 800x600 resolution. Smartphones surpassed this specification within the decade.

By 2002, there were more than 500 million PCs in use worldwide, with significant growth in developing nations.

There were many predictions at this time about what the Digital Decade would bring; in an essay from October 2001, Bill Gates stated:

"The innovations of this decade will be more than just a handful of new features. They’ll transform the way the PC fits into our lives, and the way we think about computing. You’ll still have a PC on your desk at work, but it will be at the center of a range of devices that bring the power of the PC to you, wherever you are. You’ll carry a tablet-sized PC to meetings and take notes on it by hand, then search, organize and share those notes electronically. If you’ve missed a meeting, you’ll be able to review what happened and search for the parts that are relevant to you. When you travel, you’ll be as productive as you are in the office, with access to the same information and capabilities as your office PC."

Many predictions about the impact of technology on our everyday lives have come to fruition, especially coupled with the expansion of the Internet and more recently enabled by a range of online services and applications described as cloud computing.

The Internet can trace its origins back to the Defense Advanced Research Projects Agency (DARPA) in the 1960s, commissioned by the United States government in collaboration with academic and private commercial organizations to build fault-tolerant and distributed computer networks.

The development of HTML and Web servers in the 1990s created a new opportunity for organizations to connect with customers. Commercialization of the Internet has resulted in the development of many new technologies and led to significant growth of not only users, but Web servers and new services like online travel, books and banking. The commercial growth of the Internet, often referred to as the dot-com bubble, burst in the early 2000s, leading to the failure of many Internet companies and stock market drops around the world.

Despite slowing economies, the post dot-com era saw people switching to online shopping, banking and gaming due to communications improvements, such as broadband and mobile access that were helping connect people, devices and data together. According to the United Nations, in 2000 an estimated 6.4 percent of the worldwide population was using the Internet.

In the late 1990s, the vast majority of mobile phones had only basic phone features. Many people who wanted mobile email and Internet also carried Wi-Fi-enabled devices such as personal digital assistants (PDAs). The early 2000s saw the launch of many new Internet-enabled, faster smartphones, which coupled with the introduction of 3G wireless technologies, encouraged growth of mobile Internet use.

Web applications continue to become richer in content, graphics and video over time, driving standards innovation such as HTML 4 and third-party tools such as Adobe Flash and Apple QuickTime. This richer online experience in turn drives higher bandwidth requirements, greater storage of data and faster processing of information.

With the proliferation of higher bandwidth availability through more devices, richer Web applications and the growth of e-commerce, the Internet was fast becoming an indispensable part of our everyday lives.

In response to malicious software such as Blaster, which first came on the scene in August 2003, the Microsoft “Protect Your PC” consumer guidance was launched to provide the general public with straightforward computer security steps. The guidance provided information on avoiding malicious software through keeping computers up-to-date, installing (and turning on) antimalware tools, and utilizing safer computer user practices.

Helping families enjoy a safe online experience, keeping computers clean of malicious software and protecting information are all critical tenants of online safety, especially as technology continued to become an integral and indispensable part of society.

As the security threats have evolved, so have the tools, practices and collaboration of those working toward building a safer Internet. Recent research has validated that much of the malicious software that infects computers today can be avoided through practicing basic computer hygene. This includes keeping your computer up-to-date and using the latest versions of software such as antimalware tools and Web browsers. the “Protect Your PC” advice is just as relevant today as it was when the guidance was originally released.

Across the world, individuals, organizations and governments are collaborating on providing clear, timely and consistent guidance. This collaboration has given rise to new tools, standards and regulations to help deal with threats from viruses and other malicious attacks. The guidance on the Microsoft Safety and Security Center now covers Computer Security, Digital Privacy and Online Safety and is a central repository for guidance on a range of threats seen today.

In January 2005, Microsoft developed the Software Update Validation Program (SUVP) to enable testing of application compatibility, stability and reliability of upcoming software updates in simulated production environments. The program provided a small number of dedicated, external participants with limited and very controlled access to security updates.

Microsoft provides support for business and developer products for 10 years after product release, and consumer, hardware and multimedia products for five years after product release. Implied in this support commitment is Microsoft’s assurance that security updates work with products that are supported at the time the security update is released.

Accomplishing such an engineering feat requires extensive testing that can involve numerous product versions in many languages, as well their service packs. In addition, Microsoft conducts application compatibility testing involving thousands of the world’s most popular third-party software products. Microsoft typically includes up to 3,000 of the most commonly deployed applications in these test matrices to help minimize disruption to customers.

Participants of the SUVP program receive the security updates for testing before their release through a private, secure distribution channel. Participants then test these updates under a test plan that is jointly agreed on by Microsoft and the participant. Participants are restricted to deploying the updates only in test environments. In addition, participants must commit to using dedicated teams to provide ongoing feedback to Microsoft.

Microsoft instituted the SUVP based on customer feedback and our strong commitment to help produce higher quality security updates for customers. Through the SUVP, Microsoft has been able to collect real customer feedback on update quality to incorporate into the development of the final security updates. That feedback has led to significantly increased quality and better customer experiences in deployment.

In 2005, the Microsoft Malware Protection Center (MMPC) was established to consolidate Microsoft’s antimalware research and response expertise into one single organization. The MMPC delivers global malware research, response and protection capabilities to help protect customers worldwide from emerging and existing threats. The team includes some of the most experienced and well respected antimalware researchers from across the industry.

Given the volume of malicious software such as viruses, worms, Trojans at that time, and customer need for a more effective global response to these threats, Microsoft consolidated its antimalware efforts. It was very important to be able to respond through a worldwide team and collaborate with researchers, software vendors and law enforcement organizations around the globe to stay ahead of these threats and help protect customers.

Research and development work at the Microsoft Malware Protection Center (MMPC) supports a wide range of Microsoft products and services. By receiving telemetry from hundreds of millions of computers and operating a global network of research and response labs, the MMPC can often identify and mitigate new threats within hours of their discovery.

The MMPC team works closely with product teams at Microsoft to help ensure that products have the latest antimalware definitions and can provide accurate and actionable telemetry that can be used for further research.

In addition, the MMPC engages widely within the antimalware industry. It collaborates with researchers, partners, competitors and independent software vendors (ISVs) worldwide. It also works with law enforcement organizations that seek to apprehend criminals.

Microsoft has created two accessibility frameworks: Microsoft Active Accessibility and User Interface Automation (UIA). These frameworks provide a consistent way for programmers to exchange information about an application’s user interface (UI) and specialized assistive technologies used by a person with a disability. For example, UI Automation allows a screen reader to use text to speech to speak the menu options in a window and describe its contents to a person who is blind.

The most recent framework introduced in November 2005, UIA, provides a consistent way for assistive technology products to provide information about the UI to end users and to interact with that application by means other than a keyboard (for example, using speech recognition software to dictate an email with your voice).

In addition to the development of UIA, Microsoft has created internal accessibility standards to provide guidance for engineering teams creating accessible products, services and communications for customers and partners.

Building accessibility into products and services from the beginning by leveraging frameworks such as UIA reduces the cost and complexity of development — enabling the software industry to create applications and devices that are more accessible for everyone.

In August 2006, the first Security Intelligence Report (SIR) provided Microsoft customers and partners with highly relevant and accurate security data about malware trends and exploits. The report focused on the first half of 2006 and was designed to be the first of a series published every six months. The first SIR was based on a white paper titled "MSRT: Progress Made, Lessons Learned."

The SIR provides data from a variety of antimalware tools and online services.

Highlights from this report include these:

• Social engineering continues to be a popular means of spreading malware, especially when sent over email and peer-to-peer (P2P) networks.
• Backdoor Trojans and bots continue to comprise a significant percentage of the malicious software detected by Microsoft antimalware offerings and therefore serve as a top threat to consumers and businesses alike.

To learn more about the Security Intelligence Report, please visit www.microsoft.com/sir.

In 2007, customers and people in the privacy community were becoming increasingly interested in the privacy implications of online advertising, behavioral targeting, and the personalization of online services.

Based on interest from customers, partners, educators, and advocates and regulators, Microsoft had in February 2007,previously publicly released its Privacy Guidelines for Developing Software Products and Services and layered privacy notices. The public guidelines were drawn from the company’s experience incorporating privacy into the development process and reflect customer expectations and global privacy laws.

In July 2007, Microsoft introduced an enhanced set of privacy principles for Live Search and online advertising data collection, use and protection. The enhanced set of privacy principles for Live Search and online advertising outline how data is collected, used and protected. The principles outlined enhanced steps to help protect the privacy of Windows Live users, including making search query data anonymous after 18 months by permanently removing cookie IDs, the entire IP address and other identifiers from search terms. Microsoft also works to give customers more control over what information it uses to personalize their online search experience.

The Microsoft privacy principles for Live Search and online ad targeting included the following:

• User Notice
• User Control
• Search Data Anonymization
• Minimizing Privacy Impact and Data Protection
• Legal Requirements and Industry Best Practices

As part of its Trustworthy Computing efforts, Microsoft has maintained a strong commitment to helping protect the security and privacy of its customers. The enhanced privacy principles build upon the company’s work over the past several years to advocate for comprehensive federal privacy legislation in the United States and more consistent public policy worldwide to help protect consumers. The principles provide customers with guidance and technology to help provide for a safer online experience, and build privacy into the company’s software development process.

In August 2008, Microsoft introduced the Microsoft Active Protections Program (MAPP) to help protect computer users from criminals attempting to exploit software vulnerabilities. MAPP members comprise more than 80 security software providers worldwide who receive early access to Microsoft’s security vulnerability information.  By obtaining this information early, partners gain additional time to build security software protections, which are often released at the same time Microsoft releases its updates.and typically release their own security software protections when Microsoft releases its security updates.

Before MAPP, security software providers received vulnerability information at the same time as exploit code writers when information was released publicly. As it takes time for customers to deploy security updates, the release marks the start of a race between individuals with malicious intent and security software providers, where one side develops attacks while the other side tries to provide interim customer protections until security updates can be applied.

With advance access to vulnerability information through MAPP, partners report that the protective process takes less time and that their developers only have to write the detection code because everything else is provided. The result is that protections are typically released hours ahead of any exploit code, which means that customers are better protected hours ahead of even the most focused attackers.

Given the evolving threat landscape, the solution to a security problem is often not found in one company, individual or technology. In 2010, Microsoft and Adobe Systems Inc. began collaborating on an initiative to distribute detailed vulnerability information for Adobe software to the MAPP partners. This has given security vendors an opportunity to provide quicker and more effective protections to their customers before Adobe deploys its security updates, just as MAPP has done for Microsoft software.

In October 2010, Microsoft joined a large coalition of government agencies, businesses and nonprofit organizations behind the slogan Stop. Think. Connect, which is the first unified public awareness message focused on online safety.

Coalition members included companies such  as Microsoft, Facebook, Google and Intel. It was led by organizations such as the Anti-Phishing Working Group, the National Cyber Security Alliance  and government agencies such as the U.S. Department of Commerce, the Department of Homeland Security and the Federal Bureau of Investigation.

The campaign includes a series of online safety tips for consumers. The coalition based its work on extensive research about consumers’ knowledge of and attitude toward online safety. The guidance in summary includes:

STOP. THINK. CONNECT.

When you cross the street, you look both ways to make sure it’s safe. Staying safe on the Internet is similar. It takes some common sense steps — Stop. Think. Connect.

Stop: Before you use the Internet, take time to understand the risks and learn how to spot potential problems.

Think: Take a moment to be certain the path ahead is clear. Watch for warning signs and consider how your actions online could impact your safety, or your family’s.

Connect: Enjoy the Internet with greater confidence, knowing you’ve taken the right steps to safeguard yourself and your computer.

STOP. THINK. CONNECT. Protect yourself and help keep the Web a safer place for everyone.

Internet-connected devices and applications are a part of many of our lives today, from smartphones and tablets using cellular networks to Wi-Fi availability throughout the world. These devices run applications that have become important from social networks to location-aware mapping and more.

Over the past few decades, the PC became the primary tool used by office workers to get their work done. Those PCs were purchased, configured, managed and maintained by the IT department. People used separate technology at home and at work. Personal lives generally were left outside of work, and work activities generally were restricted to working hours. However, as a rapidly evolving technology landscape changes, so has how people use technology and where. We have more of everything — devices, applications, choice — and we’re now connected to the Internet and each other all the time.

The always-connected nature of today’s technology has made it possible to work from anywhere and to bring our personal lives into the workplace. The boundaries between work and home are blurring. People expect more choice in the technology they use for work. They want to use the same tools at work as they do at home. This has led to new technology trends in the workplace: employees using their own home PCs for work and formal “bring your own PC” programs; the increasing use of other devices for work including smartphones, slates and tablet PCs; and the growing popularity of social networking and cloud applications in the workplace.

This proliferation trend is expected to continue and presents increasing challenges of maintaining security, privacy and reliability of the products, services and devices we use today and in the future.

As more people, computers and devices come online, cyberthreats grow more sophisticated in their abilities to gather sensitive data, disrupt critical operations and conduct fraud. Cybersecurity remains a top priority for governments, policymakers and citizens around the world. Cybersecurity and the overall health of the Internet will continue to be a key element in national, economic and civil society.

The Internet now reaches a worldwide population of more than 2 billion people, and the foundations of modern society are becoming digital. Governments around the world have expressed concern that the critical information infrastructures that support their countries could be targeted.

In the shared and integrated domain of the Internet, organizations, governments and consumers face a myriad of threats. These threats are anything but static and are often characterized as technically advanced, persistent, well-funded, and motivated by profit or strategic advantage. In response, many countries have sought to improve critical information infrastructure policy, to build effective information sharing and collaboration capabilities that addresses threats and vulnerabilities, and to coordinate on responses to increasingly complex cyberincidents.

There is a growing awareness and support for increased international collaboration on cybersecurity. Recently many governments around the world have launched initiatives, offices and programs to help protect cyberspace. Many industries and corporations, including Microsoft, are investing in such efforts to help governments, industry and individuals better reduce and manage risks that result from the uncertainty of the rapidly changing threat landscape.

Collective Defense: Applying Public Health Models to the Internet.