Microsoft promises new initiatives on security

Posted on 9 Oct 2003 at 17:43

Microsoft CEO Steve Ballmer has promised new initiatives on software security. Speaking at Microsoft's annual Worldwide Partner Conference, in New Orleans, he announced 'new programs and technology investments to be delivered over the coming months'.

Three main points have been highlighted: improved patch management, 'global education programs' (and tools) and new technologies for Windows XP Server 2003 to make them less vulnerable to attacks.

'Our goal is simple: get our customers secure and keep them secure,' said Ballmer. 'Our commitment is to protect our customers from the growing wave of criminal attacks.'

Improved patch management has been seen as a long overdue delivery from Microsoft. As well as a move to issuing monthly patch releases - intended to add a level of predictability and manageability - new tools were announced. These include the free Software Update Services 2.0, to be released in the first half of 2004, to provide a 'seamless' patch, scanning and installation service for Windows, SQL Server, Office, Exchange Server and Visio.

As expected, Microsoft has also formally committed itself to consolidating the number of patch installers to just two, for Windows 2000-generation products, by the first half of 2004. It will also introduce a rollback capability for new patches and attempt to reduce downtime by requiring 30 per cent fewer reboots during deployment.

Rather less tangibly, Microsoft is promising, on a worldwide basis, the availability of new security seminars and training for customers.

Conceding that patches and guidance are only part of the problem, Ballmer acknowledged Windows XP and Windows Server 2003 must 'evolve' to become more resilient, for example protecting users from attacks even if patches do not exist or have not been installed.

More specifically, he said, Microsoft will focus on protections against the four types of attacks that create the largest percentage of threats: port-based attacks, e-mail attacks, buffer overruns and malicious Web content.

He promised that such 'safety technologies' will first ship in Service Pack 2 for Windows XP, which is due in the first half of 2004, and subsequently in Service Pack 1 for Windows Server 2003.

On the Windows Server 2003 side of things, new technology will enable remote-access-connection client inspection and intranet client inspection. For use with corporate networks, the new facilities are intended to avoid potential infections introduced by mobile systems.

'Our goal is to enable increased protection and resiliency of systems and networks,' Ballmer said. 'Our highest priority is developing these safety technologies for our customers. This is a key area of focus for us.'

What do you feel about Microsoft and its security initiatives? Leave a comment via the link below.

Author: Alun Williams