• silicon.com
• Technology
• Hardware

By Pia Heikkila, 18 October 2001 17:45

NEWS In a move which should bring an end to a long week of finger-pointing, Microsoft has finally decided the whole industry is responsible for security - vendors and users alike. The debate was originally sparked by a Gartner report which recommended users stop installing Microsoft server software altogether, such are the security weaknesses. A Microsoft security expert then hit back, telling silicon.com there was nothing wrong with the software itself. He claimed that "laid-back" system administrators were to blame for the rapidity with which viruses spread because they do not update security patches often enough. That provoked a deluge of response from angry sys admins, most of whom agree with Gartner's view that Microsoft's Internet Information Server (IIS) is inherently insecure, and that the company has a tendency to release untried software. Microsoft did retract its original accusation, but the company's top security boss has now brought the debate to a close, saying: "We are all in this together." In an exclusive interview, Howard A Schmidt, Microsoft's chief security officer, told silicon.com the company does not release immature software, but is still trying hard to make its technology more secure. He said: "It is unfortunate the mistakes are not caught earlier as we acknowledge the fact there is a problem with issuing patches. But we are constantly trying to improve our products and learn from our previous mistakes." When asked who is to blame for the lax security of IIS, he said: "We are all in this together, sys admins, the IT professionals, the developers, the security people. We are trying to identify all the pieces which fit together to improve security." He also said sys admins have a very hard job and the company is trying to help to make technology easy for them. Schmidt also responded to Gartner's recommendation. He said: "Our software is not less secure than our competitors', but we have identified the fact that some of the bugs might have created problems. This is why we offer a free lockdown tool to get the problem fixed as soon as possible." We'll be publishing the full video interview with Schmidt in the next few weeks.