SAN FRANCISCO, Calif. -- Phishing and Trojan horses and bot nets, oh my.

Software titan Microsoft announced on Tuesday at the RSA Security Conference that the company had launched its End-to-End Trust initiative, a long-term project to find ways to enhance security and privacy on the Internet and make consumers feel safe in the face of digital threats. The announcement, which came on the same day that the software company released eight patches, is not a product or service but a statement of the software maker's future direction, Steve Lipner, Microsoft's director of security engineering strategy, told SecurityFocus.

"There are still phishing attacks, still spam, still identity theft -- these are things that concern people," Lipner said. "It is time to go to the next level of building trust on the Internet."

The End-to-End Trust initiative consists of three strategies: first, strong hardware and software security similar to the Trusted Computing platform; second, better authentication of users' identity, including allowing consumers the ability to authenticate certain attributes -- for example, that they are 18 years or older; and third, developing policies and economics so that consumers and businesses have an incentive to use the technological infrastructure.

The announcement came on the same day that Microsoft released eight patches -- including five critical updates -- to fix ten vulnerabilities in its Windows operating system and software products. The company closed two security holes in Microsoft's graphics device interface (GDI) that could be exploited using a specially-created image file and a flaw in the way Windows decodes JScript and VBScript embedded in Web pages.

"Today's Microsoft patches underline the risk of surfing the Web unprotected," Dave Marcus, security research and communications manager at McAfee Avert Labs, said in a statement. "Many of the vulnerabilities addressed by the fixes could be exploited if a Windows user simply visits a malicious Web site, a favorite attack method among cybercriminals."

The updates can be downloaded through Microsoft's Windows Update service.

If you have tips or insights on this topic, please contact SecurityFocus.