Microsoft's Eckert places security at top of agenda

Rolling a boulder up a steep hill, one that threatens at any moment to roll back on top of you, would be more attractive to many people than the job Mr Detlef Eckert holds, writes Karlin Lillington.

Indeed, many people would say that his job as senior director of Microsoft's Trustworthy Computing initiative in Europe, the Middle East and Africa (EMEA) consists in doing just that.

"It's a huge effort," he says of Microsoft's drive to address security concerns about its products. "One incident destroys everything you have achieved."

By incident, he means yet another high-profile virus or worm ripping through the internet world, or a highly visible hacking attack.

Because Microsoft's Windows operating system resides on more than 90 per cent of personal computers and more than half of corporate servers, it is the target of choice for malicious attacks. Every one of the top 10 viruses last year was aimed at Windows machines.

Microsoft defenders say that if Linux or Apple's OS X operating system were as dominant, they would be on the receiving end of such hacker nasties, rather than Windows. Critics, however, say that Microsoft code and the way products are designed leave exploitable holes everywhere, creating a security quagmire.

Whatever the reality - and computer security experts have not been shy in their criticisms of Windows - by 2002, Microsoft realised it needed to push computing security to the top of its agenda both in public relations and corporate strategy terms. The result was Trustworthy Computing, its top-to-bottom effort to tackle security issues across its Windows operating system and software programs.

The company defines Trustworthy Computing as "a complex, long-term global challenge that will involve fundamental changes in computing technology, policies and practices to improve security, privacy, reliability and business integrity".

Mr Eckert spends half his time working with Microsoft in the EMEA region to help develop the Trustworthy Computing programme. The other half is spent travelling to visit customers, speaking at conferences and talking to Microsoft partners.

"The idea is to drive the strategy so the efforts and progress are well-communicated," he says, noting that his regular commute is from his home in Brussels via high-speed train to Microsoft's Paris offices.

His family's Brussels base is a connection back to his previous job within the European Commission - he was plucked, rather controversially, to work for Microsoft after having been involved with some of the EU's anti-trust action against his current employer.

A year on, he is sanguine, saying he enjoys his high-pressure job and bringing a polite, be-suited, organised approach to a job many would hate.

Isn't it hard to go in and talk to people about Microsoft and security when another Windows virus has just clogged up the internet and brought down computers worldwide?

"The road to trusted security is bumpy," he says. "And it's not just Microsoft's problem."

He doesn't press the latter point, simply noting that Microsoft is working with other key technology companies to find ways to improve computing security overall, which ultimately will involve a total rethink of computing, he believes, from chip and hardware design to the way software is coded and programs are run.

But for now, Microsoft's burden, ironically, is its millions of users, who want their old Microsoft programs to run smoothly on newer versions of Windows. That makes it difficult to dump an increasingly complex (some say, bloated) operating system, which runs to 50 million lines of code - some of it two decades old.

Microsoft's response through Trusted Computing is to take three steps towards achieving greater computing security, Mr Eckert says: reducing vulnerabilities; improving the management of the patches it issues to repair holes in code; and mitigating risk.

Microsoft is reviewing every line of code for Windows and other products, with 18,000 developers engaged in such work. Mr Eckert says the company has restructured its entire development process so that code is thoroughly combed as programmers work on products.

To make patches more manageable, they will be issued monthly, unless a particularly pressing security risk arises, he says. He accepts that patch quality has been an issue, noting Microsoft will take more time to ensure patches are roadworthy before they are released.

"But security is not only a technology issue, so it can't only be resolved through patches and code," Mr Eckert says. "It also involves the users and user education."

To that end, the company has set up a series of roadshows with corporate customers and, next month, will introduce an education programme in the Republic for retailers, the media, and schools to highlight computing security.

More dramatic changes will come in new service packs, as Microsoft starts to nudge users towards more fundamental changes in how programs run. Users will start to see "hardware and software playing together" to lock down programs and PC architecture against security breaches.

Mr Eckert rejects critics' accusations that the company will also use such developments to lock users in to Windows - for example, making it difficult to switch to Linux because Word documents will need individual, Microsoft-issued certificates to unlock them.

Microsoft is not going to track users through chip and operating system surveillance or digital rights management tools, he says.

"From a technical point of view, this is absurd. But it's a story that sells well," he says.