Microsoft hails "real progress" on improving security

But also scolds users for not being proactive enough...

By Andy McCue, 14 July 2004 09:50

Microsoft claims it has made "real progress" in the last year towards its goal of Trustworthy Computing but has criticised businesses for failing to be more proactive on security.

Speaking at the Microsoft Worldwide Partner conference in Toronto, Mike Nash, corporate VP of the security business and technology unit at Microsoft, said key milestones include the forthcoming Windows XP Service Pack 2 and the availability of Internet Security and Acceleration Server 2004 standard edition.

The overhaul of Microsoft's security update tools and processes has also yielded results. There has been a 400 per cent growth in consumer use of Windows Automatic Update in the last 10 months, and 112,000 unique servers now connect to Microsoft's website for software update services.

But Nash said many users are still too reactive about security. "I'm still surprised how many customers have not thought about a security plan," he said.

He also urged partners and resellers to push customers into upgrading to the latest versions of Windows because of the security benefits, but admitted it is unrealistic to expect this.

But as a matter of priority Nash said users should look for the latest versions of Microsoft software for "servers that face the internet and machines and laptops that are mobile".

"Customers who use Windows Server 2003 are much more secure than those who use Windows 2000," he said.

Microsoft also unveiled new security technology that will allow IT managers to prevent end users connecting to the corporate network unless their machine has the correct updates and security policies installed.

The Network Access Protection (NAP) technology will detect the "health state" of a PC or laptop attempting to connect to the network and will be shipped as part of the Windows Server 2003 update release, codenamed R2, which is due next year.

Specifically, NAP determines whether a networked client machine is compliant with IT-defined network access policies when it tries to connect. It then automatically restricts noncompliant machines to a separate, restricted network where the necessary patch and antivirus updates are available. Once the machine is updated, the client is automatically revalidated for network access.

Microsoft CEO Steve Ballmer also admitted there is still some way to go on the Trustworthy Computing road. "We're not acceptable on security but we're ahead of the other guys," he said at the conference.

Comments

There are 7 comments.

  1. anonymous

    Ok. Let's see if I have this straight.

    Microsoft is making great strides in security as proven by all of the improvements in a product that is not available yet and will cost users even more money to obtain even though these fixes are necessary because of gaping security holes in previous Microsoft products.

    Oh, and Microsoft feels that companies should be ashamed of themselves for not taking a bigger role in trying to keep their organizations safe from Microsoft products.

    Riiiiiiiiiiiight.

  2. A.A.

    They should get the latest holes in IE fixed in a couple of months.

  3. anonymous

    The previous comment and the current trend towards security are the problem. Microsoft has made great strides in mitigating security issues. More than most companies. This is because Microsoft is attacked more than most companies. If people really believe that Linux or Apple have OS's that are more secure, they must be crazy. Operating systems are made up of millions of lines of code. I really doubt that Linux has had the type of code coverage that Microsoft software has had to go through.

    Also why don't users have to take some responsibility? If the manufacturer of my car tells me they found a problem in the engine that may make my car explode and the manufacturer will then provide a fix for me. If I choose to ignore that fix and my car blows up who do I blame? Better yet why don't we start blaming the hackers or should I call them cyber terrorists? People seem to think that viruses and worms don't require someone to sit down and think of some way to maliciously break something. That is called a crime. But instead of people getting angry at the cyber terrorists they choose to get mad at the person who is trying to fix the problem.

    I don't get it.

  4. Craig

    Yes, Anonymous of Redmond, Wa, I'm sure you don't get it. Microsoft just doesn't get it!

    Security through obscurity is a myth and there are a lot of people cleverer than you and me who have proved it. There are settings in Windows that are not present in other OSs that allow the kind of attacks we see in the press every day. How do you explain the recent Win64 virus that appeared? That hardly has a large market share. Apache runs more web servers than IIS, so what was the inspiration behind the recent ADO.stream vulnerability attacks?

  5. K B

    Anonymous of Redmond, yes if I have a car problem I will fix it, as I apply the security patches Microsoft send out, I am not however about to buy a whole new car to sort the problem which is what they seem to be telling us to do. Oh and of course with the new car you will need new CD, Mobile car kit,... etc etc.

  6. anonymous

    Anonymous said "Also why don't users have to take some responsibility? If the manufacturer of my car tells me they found a problem in the engine .... " True ... but that does not mean I won't get hacked off by the manufacturer and buy a different make of car in future (Not so easy with OS's).

    If the car manufacturer found a problem with the car locks and my car was stolen, I think I would be entitled to put a lot of blame onto the manufacturer and not just the thieves.

  7. Daniel Ward

    Let me understand this - As a user, it's my fault my PC is compromised by a hacker who uses a "hole" or vulnerability in a Microsoft OS? Why then, does applying the "required updates" for these holes result in my spending two or three days to fix my now inoperative software (whose only fault lies in relying on Microsoft's OS)?

    Next you'll tell me that my credit card number is safe to use on the internet (watch any recent bank commercial, if you believe this).

    No thanks, I'll install critical updates when my firewall can't handle the security hole anymore.
