Microsoft, under attack, aims to offer security

Two and a half years after launching its Trustworthy Computing initiative Microsoft is finding its products the target of escalating attacks, to the extent that some security experts are even warning that the company's Internet Explorer browser is simply not safe to use.

While the company has been trying to take these slings and arrows in its stride, claiming they are an unfortunate side effect of being a market leader and that it's doing all it can to defend itself, users seem to be looking for reassurance that Trustworthy Computing will pay off - and soon.

"They've launched this Trustworthy Computing campaign and they are still issuing all these patches. They shouldn't make things so complex. When is it going to get better?" asked software developer Michael Kranawetter. He was interviewed on the floor of last week's Tech Ed conference in Amsterdam where some 6,000 software developers and IT professionals gathered to hear the latest in Microsoft development news.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Two and a half years after launching its Trustworthy Computing initiative Microsoft is finding its products the target of escalating attacks, to the extent that some security experts are even warning that the company's Internet Explorer browser is simply not safe to use.

While the company has been trying to take these slings and arrows in its stride, claiming they are an unfortunate side effect of being a market leader and that it's doing all it can to defend itself, users seem to be looking for reassurance that Trustworthy Computing will pay off - and soon.

"They've launched this Trustworthy Computing campaign and they are still issuing all these patches. They shouldn't make things so complex. When is it going to get better?" asked software developer Michael Kranawetter. He was interviewed on the floor of last week's Tech Ed conference in Amsterdam where some 6,000 software developers and IT professionals gathered to hear the latest in Microsoft development news.

To be fair, Microsoft has been working hard to streamline its patching process, by releasing combined fixes when possible and delivering them on a monthly release schedule, for instance. It is also providing a free patching service and a centralized place for users to find fixes.

Besides improved patching, it is also moving to bolster the security of its desktop software, by turning off potential ports of attack and adding security features such as a firewall enabled by default, to help users protect their PCs.

Many new security improvements are due to be delivered with the much anticipated Windows XP Service Pack 2 (SP2), an update to the Windows XP operating system, which is so jam-packed with fixes and features that installing it is said to be like a installing a whole new operating system.

Microsoft executives have promised to deliver SP2 by "the end of summer" although Microsoft Senior Director of Trustworthy Computing for Europe, the Middle East and Africa (EMEA) Detlef Eckert said at Tech Ed last week that "summer ends in September this year."

"We have now realized - to some extent, painfully - that the security atmosphere has changed which is why we are putting so much effort into [SP2]," Eckert said. "Most of these new features would have blocked against recent attacks."

The company learned a great deal from threats like the Sasser Internet worm, he added, which wreaked havoc earlier this year by exploiting a disclosed hole in a component in Windows.

"We know we need to move ahead of the attack cycle and mitigate against specific attacks against applications," he said.

But while the company has been working to address users' security woes, it continues to come under attack from virus writers who clearly have a few tricks up their sleeves.

One of the latest attacks used Web sites running Internet Information Server (IIS) to launch malicious computer code, and prompted the company to release updates to its Windows 2000, XP and Windows Server 2003 software last week to help users fend off the attacks.

The IDG News Service is a Network World affiliate.