Microsoft plans to redouble its security efforts
October 14, 2003
Media giant will focus on adding new security technologies to its software products, educating its users and improving its process of releasing security fixes, CEO Steve Ballmer announced last Thursday.
Ballmer told attendees during a keynote address at Microsoft's first Worldwide Partner Conference in New Orleans that the company will redouble its efforts to secure its customers.
The first measure Microsoft will bring in is to decrease the frequency of publishing "non-critical" security notices from a weekly to a monthly basis unless the security flaw needs to be fixed without delay in order to help customers avoid an attack.
It also plans to re-engineer its Windows operating system to make it less vulnerable to buffer overflow attacks - the most common form of hacking - and to make it easier for companies to install firewalls.
The moves are part of Microsoft's Trustworthy Computing initiative to improve IT security.
The pledge comes as Microsoft is trying to recover from recent security incidents. In August and September, the MSBlast worm likely infected more than a million machines that run Microsoft Windows.
The SoBig.F worm also spread widely during those months, compromising many more systems.
Microsoft is also going to educate its customers to help them become more secure. Monthly Webcasts will be published on the company's site to guide customers through good security practices, and the company will use itself--in a series called "How Microsoft secures Microsoft"--as an example to teach system administrators ways to secure their systems.
In order to reduce the damage caused by buffer overflow vulnerabilities, Microsoft plans to make major changes to the way Windows handles memory management. In the service pack for Windows 2003, to be released this quarter, Microsoft has rewritten memory management to use a feature in PC processors that alerts the operating system to a buffer overflow.
The final change is to the Internet Connection Firewall built into the Windows XP operating system. Although internet firewall software is provided, Microsoft believes many corporate users avoid using it because it cannot be managed centrally. This option has now been added.
"What we learned from customers is that it is not an easy process to secure their systems," said Neil Charney, director of product management for Microsoft's Windows client group.
Despite this new manifesto, many security experts doubt things will change fast and believe this pledge is just putting a good face on things: in other words, just a PR trick.