Microsoft gets serious over security threats

9 Oct 2003

In response to the vast array of security threats caused by holes in Windows technology, Microsoft boss Steve Ballmer has outlined a series of initiatives aimed improving the company’s response to future threats.

Speaking at the company’s inaugural Worldwide Partner Conference, Ballmer outlined a number of measures ranging from improved patch management technologies and policies to global education and updates to Windows XP and Server that would make the operating system more resilient in the face of future worms and viruses.

“Our goal is simple: Get our customers secure and keep them secure,” Ballmer said. “Our commitment is to protect our customers from the growing wave of criminal attacks.”

In terms of boosting the management of patch management processes, policies and technologies, Ballmer announced that Microsoft will move to monthly patch releases, which will reduce the burden on IT administrators by adding a level of increased predictability and manageability. Ballmer also announced that Microsoft is extending security patch support for Windows NT Workstation 4 Service Pack 6a and Windows 2000 Service Pack 2 through to June 2004.

Ballmer highlighted new tools, including Microsoft’s free Software Update Services 2.0, which will be released in the first half of 2004 and will provide a seamless patch, scanning and installation service for Windows, SQL Server, Office, Exchange Server and Visio. Microsoft has also committed to consolidating the number of patch installers to two for Windows 2000-generation products by the first half of 2004, introducing rollback capability for all new patches, and reducing downtime by requiring 30pc fewer reboots during deployment in the same time frame.

Among the educational initiatives will be quarterly TechNet Security Seminars, free monthly security webcasts, deeper information on how to configure for security and Microsoft will share details on how it secures its own networking infrastructure.

Ballmer also unveiled Microsoft’s new safety technologies designed to enable customers to more effectively protect their computers and systems from malicious attacks even if patches do not yet exist or have not yet been installed. These safety technologies will first ship in Service Pack 2 for Windows XP, planned for the first half of 2004, and subsequently in the Service Pack 1 for Windows Server 2003.

“Our goal is to enable increased protection and resiliency of systems and networks,” Ballmer said. “Our highest priority is developing these safety technologies for our customers. This is a key area of focus for us.”

These security advancements for Windows XP will focus on protections against the four types of attacks that constitute the largest percentage of threats: port-based attacks, e-mail attacks, malicious Web content and buffer overruns.

For Windows Server 2003, the safety technologies will enable remote-access connection client inspection and intranet client inspection to help protect corporate networks from potential infections introduced by mobile systems. These technologies are expected to be available in the second half of 2004.

Microsoft Ireland boss Joe Macri commented: “We have worked closely with our colleagues in Microsoft Corp. to help bring this broad security initiative to fruition in a timely manner and in such a way that directly responds to the needs and issues raised by our customers in Ireland over the past number of weeks.”

By John Kennedy