
Microsoft details latest security push

Oct 20, 2003 | 3 mins
Enterprise Applications, Microsoft, Security

* Microsoft promises improved patch mgmt., global education, safety technologies

Microsoft CEO Steve Ballmer, at the company’s recent Worldwide Partner Conference in New Orleans, unveiled more details of Redmond’s newest security and patch management initiative.

Ballmer emphasized three specific facets of the initiative that will be the focus of upcoming activities in Redmond:

1. Improved patch management processes, policies and technologies to help customers stay up to date and secure.

2. Global education programs to provide better guidance and tools for securing systems. 

3. Updates to Microsoft Windows XP and Windows Server 2003 which include new safety technologies that will make Windows more resistant to attack even if patches do not yet exist or have not been installed.

This last feature is the “firewall” or “sandbox” we’ve previously talked about, which will be included with Service Pack 2 for Windows XP (due early in 2004) and Service Pack 1 for Windows Server 2003 (due in mid-2004).

The security advancements for Windows XP will focus on protections against the four types of attacks that constitute the largest percentage of threats:

1. Port-based attacks.

2. E-mail attacks.

3. Malicious Web content.

4. Buffer overruns.

For Windows Server 2003, the safety technologies will enable inspection of remote-access and intranet clients to help protect corporate networks from potential infections introduced by mobile systems. Since buffer overruns introduced by e-mail attacks constitute a large part of the security worries of most network managers, anything Microsoft can do to protect against them is to be applauded.

The goal is to better protect systems generally so that there is time to develop and apply patches that remove specific vulnerabilities. The education component is intended to better prepare not only network managers but also general users to practice “safe computing” with broad availability of new security seminars and in-depth training courses available worldwide for Microsoft customers.

The “improved patch management” includes a new version (2.0) of the stand-alone System Update Server we talked about a few weeks ago. This new version will handle patch management for Windows, SQL Server, Office, Exchange Server and Visio.

Redmond will also take a more proactive approach to security with its partners and independent software vendors so that everyone is working towards the same “trustworthy computing” goals. That will begin with a dedicated developer security symposium, focused on secure coding practices, to be held at Microsoft’s Professional Developers Conference later this month.

I’m sure you aren’t all convinced yet, but it certainly appears that Microsoft has listened and they are taking your security concerns to heart. Bravo.