Microsoft makes its software more secure
April 4, 2004
"Given human nature, evolving threat models and the increasing interconnectedness of computers, the number of security exploits will never reach zero," writes Bill Gates, Microsoft's chairman, in a Microsoft Progress Report, the latest in a periodic series of letters on major technology issues e-mailed to Microsoft customers. "But we can dramatically blunt the impact of cybercriminals and are dedicating a major portion of our R&D investments to security advances."
The Progress Report states that the number of major security bulletins issued in the first 320 days of availability for Windows Server 2003 was nine, compared with 40 in the same period for its predecessor, Windows 2000 Server. Other server applications, such as SQL 2000, show the same tendency. Service Pack releases also reduce the number of reports by about ten percent.
On the desktop, major security improvements are planned for Windows XP with the upcoming release of Service Pack 2, including default use of Windows' built-in firewall and memory management technology to help fight exploitation of "buffer overruns," a common avenue for virus attacks.
Microsoft has also improved the delivery of software patches with the new Windows Update Services and System Management Server, a collection of tools designed to let information technology managers quickly test and deploy updates.
Security professionals confirm that Microsoft's Trustworthy Computing initiative may finally be improving their lives because the latest patches and fixes being distributed by Redmond rarely break other applications.
David Merry, senior network engineer at UK consultancy Polar Computer communications, said the change in Microsoft's policy is working well: "We see that Microsoft's patches do tend to be more reliable and cause less interference with our client's machines than they did in the past. We are all seeing that security is a bigger issue - in Windows 95, accessibility was the key but there is more focus now".
However, there are still problems with security updates. Sometimes closing security gaps causes unpredictable problems and side effects. In February, for instance, Microsoft released a patch for Internet Explorer to fix a URL spoofing flaw in the browser. But the update also stopped certain URLs from being used to access password-protected Internet resources, which was a relatively common practice. However, we should note that the patch was released as an emergency fix, outside of the monthly patching cycle, which could be a possible reason for these faults.