Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
Firefox SSL-certificate debate gets gnarly
New router algorithm offers hope for old routers
Virtual healthcare system makes house calls
East Coast Web connections run laps around rest of U.S., study says
'White space' spectrum debate to get hotter
Sun for sale? Dropping profits, stock price fuel speculation
Going virtual raises storage-management, procurement issues
20 crazy things people do to get Wi-Fi connections
RFID, radio location services use soaring at hospitals, study shows
Microsoft invests $100 million more in Novell
iPhone 3G owner sues Apple over dropped calls, slow speeds
IBM commits $300 million to disaster recovery build-out
Microsoft hires Seinfeld to bite Apple
Talend readies open source tool to tackle dirty data
Intel laptop platform to boost graphics, power use
Security /

Tester's Challenge update

Related linksToday's breaking news
Send to a friendFeedback

Major operating system vendors defend existing security information efforts.

By Christine Burns and Rodney Thayer
Network World, 03/29/04

Network World's most recent Tester's Challenge published two weeks ago called on the major operating system vendors to streamline the process of supplying security update information to customers.

Our charge was that, while information might be available on vendor Web sites, it's hard to locate and in some cases is incomplete.

Advertisement:
Discuss
Jump into the forum on vendor patch practices.

Told that their tools are hard to use and inadequate, MicrosoftNovellApple and Red Hat chose to defend their existing approaches. None offered any insight about how they intend to improve the situation other than to point to existing plans to automate update tools, which might obviate the need to disseminate some security information.

We offered Microsoft 800 words to respond to this challenge in print, and while the company declined to write a formal response, it did agree to talk to us about its Web-based security resources.

"I can't say that we hear much about our strategy for pushing out security information being off course, but we do hear often that we can tactically make it better," says Stephen Toulouse, a security program manager with the Microsoft Security Response Center. The center coordinates how vulnerabilities get reported and fixed, and how customers are notified of those security updates.

Toulouse says Microsoft's layered approach to supplying relevant security update information can't be simplified much because its customer base ranges from single Windows users to large enterprise accounts.

Microsoft maintains parallel efforts for consumers and IT staff, both in terms of its e-mail notification services and on its Web site. Consumers can find information at www.microsoft.com/security, while IT staffers will need to hit the Microsoft TechNet Security Resource Center site - www.microsoft.com/technet/security/.

Toulouse says these security pages are updated constantly, even though a prominent link advertised registration for a March 16 event when we spoke with him on March 24.

We pointed out that while Microsoft numbers its security patches in a specific format - MS 04-XXX - you cannot search on that format. Furthermore, the company does not discern between original and updated security bulletins in its overall listings, making it difficult to ensure you have the most recent patches applied.

We also encountered a bug on the security patch search page that did not let us view the security update listing using two different, fully patched Windows XP Pro machines running Internet Explorer. We logged an event error with the support team but had not heard back from them at press time.

Although these points may seem trivial, we argue that security professionals pressed for time need things organized intuitively to ensure their systems are properly secured.

RELATED LINKS

 
NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.
* HOME    * RESEARCH CENTERS     * NEWS     * EVENTS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.