By Matthew Fordahl
The Associated Press

SAN FRANCISCO - Microsoft Corp. chairman Bill Gates, whose company's software is often derided for being buggy and vulnerable to hackers, showed off planned features for shoring up its programs and heading off cyberattacks.

Progress is being made against viruses, network attacks and sloppy code that make systems vulnerable, Gates said. But, he added, a lot more work remains.

"The people who attack these systems are getting more and more sophisticated," Gates said Tuesday. "For every time we take a type of attack and eliminate that as an opportunity, they move up to a whole new level. That's not an unending process - we can make it dramatically difficult."

Speaking to thousands of security experts at the RSA Conference, Gates said Microsoft's Trustworthy Computing Initiative - unveiled two years ago after several embarrassing Windows flaws were exploited by viruses and hackers - is paying off.

In the first 300 days after the launch of the Windows 2000 Server operating system, 38 security bulletins were issued. The first major product released after the initiative, Windows Server 2003, has had just nine bulletins in the first 300 days.

"Everything we're doing has been impacted'' by the initiative, Gates said. "Over the past two years, we have made a lot of progress."

Gates showed off an upcoming Windows XP update that focuses on security improvements. Service Pack 2, which will be available later this year, includes a centralized control center where users can automatically check their computer's security status, such as whether all critical updates have been applied or whether antivirus software is running.

Unlike earlier Windows releases, Microsoft's firewall software will be turned on as part of the default installation. A firewall blocks intruders from entering a system.

In the new service pack, the Internet Explorer browser will now have a pop-up ad blocker as well.

Beyond the Windows service release, Gates also showed off "active protection technologies" that will gird Windows computers against attacks by sensing changes in the network that indicate virus activity. If a problem is detected, the computer's firewall will dynamically ratchet up defenses.

A number of companies at the conference were showing products geared toward detecting unusual activity in networks.

Microsoft isn't limiting its fixes to its operating system. The company also plans to update its popular Visual Studio development software so that, for example, code can be scanned for potential problems as it's being written.

Gates also said e-mail spam - which often contains viruses or is sent from infected computers - is being targeted. He proposed technology that would confirm the sender of an e-mail is authentic. "Caller ID for E-Mail" will be tested in the company's Hotmail service, he said, without providing a specific time frame.

Gates said Microsoft is working with governments and companies by sharing its software source code, or blueprint.

Gates also announced a deal with RSA Security Inc. to make it possible for companies to use a more secure system than simple usernames and passwords to log into Windows computers.