Bruce Schneier and Adam Shostack of Zero Knowledge have penned a wonderful, balanced whitepaper laying out a security map for Microsoft's Trustworthy Computing initiative, spelling out, piece by piece, the root causes of the security problems in MSFT products, and a roadmap for mitigating them in the future.
Originally, e-mail was text only, and e-mail viruses were impossible. Microsoft changed that by having its mail clients automatically execute commands embedded in e-mail. This paved the way for e-mail viruses, like Melissa and LoveBug, that automatically spread to people in the victims' address books. Microsoft must reverse the security damage by removing this functionality from its e-mail clients, and from many of its other products. This rigid separation of data from code needs to be applied to all products.
Microsoft has compounded the problem by blurring the distinction between the desktop and the Internet. This has led to numerous security vulnerabilities, based on different pieces of the operating system using system resources differently. Microsoft should revisit these design decisions…
Office: Macros should not be stored in Office documents. Macros should be stored separately, as templates, which should not be openable as documents. The programs should provide a visual interface that walks the user through what the macros do, and should place limitations on what macros not signed by a corporate IT department can do.
E-mail: E-mail applications should not support scripting. (At the very least, they should stop supporting it by default.) E-mail scripts should be attached as a separate MIME attachment. There should be limitations on what macros not signed by a corporate IT department can do.
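To make the data/code separation the paper argues for concrete, here is an added example of a mail-client receive policy. It is written for this page and is not code from the whitepaper, from Zero Knowledge or from Microsoft. It assumes a stdlib-only Python environment; the sample message, file names, attachment bytes and the corporate-IT allowlist are constructed, and the allowlist of SHA-256 digests stands in for real code-signing certificates, a simplification made to keep the example self-contained.

```python
"""
Added example (not code from the whitepaper or from Microsoft): a mail-client
receive policy that keeps data and code apart, as the paper recommends.
Message bodies are rendered through an allowlist sanitizer that drops every
scripting hook; nothing in a message is executed; executable attachments are
quarantined; and a macro template is only marked enable-able when its digest
is on a list published by corporate IT.  That digest list stands in for
real code-signing certificates (a simplification assumed here).  The sample
message, file names and attachment bytes are constructed for this example.
"""
import hashlib
import html
import os
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "a", "ul", "ol", "li", "pre"}
ALLOWED_ATTRS = {"a": {"href"}}          # no on* handlers, no style, no src
SAFE_URL_RE = re.compile(r"^(https?|mailto):", re.IGNORECASE)
DROP_WITH_CONTENT = {"script", "style", "object", "embed", "applet", "iframe"}
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js", ".hta"}
MACRO_TEMPLATE_EXTS = {".dotm", ".xltm", ".potm"}   # macros live in templates, not documents


class AllowlistSanitizer(HTMLParser):
    """Rebuilds HTML from an allowlist; unknown tags vanish, active content is dropped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self._dropping = 0   # >0 while inside a tag whose content must not appear

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self._dropping += 1
            return
        if self._dropping or tag not in ALLOWED_TAGS:
            return
        kept = ""
        for name, value in attrs:
            if name in ALLOWED_ATTRS.get(tag, ()) and value and SAFE_URL_RE.match(value.strip()):
                kept += f' {name}="{html.escape(value, quote=True)}"'
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self._dropping = max(0, self._dropping - 1)
        elif not self._dropping and tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._dropping:
            self.out.append(html.escape(data, quote=False))


def sanitize_html(markup):
    parser = AllowlistSanitizer()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)


def triage_message(raw, approved_macro_digests):
    """Return what may be displayed and a verdict per attachment; executes nothing."""
    msg = message_from_bytes(raw, policy=policy.default)
    display, attachments = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        filename = part.get_filename()
        if filename is None and ctype in ("text/plain", "text/html"):
            text = part.get_content()
            display.append(sanitize_html(text) if ctype == "text/html" else html.escape(text))
            continue
        payload = part.get_payload(decode=True) or b""
        digest = hashlib.sha256(payload).hexdigest()
        ext = os.path.splitext(filename or "")[1].lower()
        if ext in EXECUTABLE_EXTS:
            verdict = "quarantined"            # never offered to the user to run
        elif ext in MACRO_TEMPLATE_EXTS:
            verdict = "macro-enabled" if digest in approved_macro_digests else "macro-blocked"
        else:
            verdict = "inert"                  # plain data: may be saved, never run
        attachments.append({"filename": filename, "sha256": digest, "verdict": verdict})
    return {"display": "".join(display), "attachments": attachments}


# Constructed sample: an HTML body with scripting hooks, a script attachment in the
# LoveBug double-extension style, and a macro template approved by "corporate IT".
SAMPLE_SCRIPT = b'Set fso = CreateObject("Scripting.FileSystemObject")\r\n'
SAMPLE_MACRO = b"PK\x03\x04constructed-macro-template-bytes"
APPROVED_BY_IT = {hashlib.sha256(SAMPLE_MACRO).hexdigest()}   # stand-in for IT's signing


def build_sample():
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "victim@example.test"
    msg["Subject"] = "ILOVEYOU"
    msg.set_content("Kindly check the attached love letter.")
    msg.add_alternative(
        '<p onclick="steal()">Kindly check the attached letter. '
        '<script>document.location="http://evil.test/"</script>'
        '<a href="javascript:steal()">open</a> '
        '<a href="https://intranet.example.test/policy">intranet</a></p>',
        subtype="html")
    msg.add_attachment(SAMPLE_SCRIPT, maintype="application", subtype="octet-stream",
                       filename="LOVE-LETTER-FOR-YOU.TXT.vbs")
    msg.add_attachment(SAMPLE_MACRO, maintype="application", subtype="octet-stream",
                       filename="expense-report.dotm")
    return msg.as_bytes()


if __name__ == "__main__":
    result = triage_message(build_sample(), APPROVED_BY_IT)
    print(result["display"])
    for att in result["attachments"]:
        print(att["verdict"], att["filename"], att["sha256"][:12])
```

The point of the design is that the client never has a code path that runs message content: HTML is rebuilt from an allowlist rather than filtered with a denylist, so a new scripting hook is dropped by default; a script attachment is quarantined no matter how it is named; and a macro template is data until an out-of-band trust decision (here the digest allowlist, in a real deployment a code-signing certificate held by corporate IT) says otherwise.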