Microsoft To Embed Security Deeper In Windows Systems - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications
News
6/24/2004
02:34 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Microsoft To Embed Security Deeper In Windows Systems

The vendor is touting its efforts to be more proactive and talking up the security benefits of Windows Server 2003.

Microsoft customers tell Rick Devenuti, corporate VP of IT: "Microsoft tells us lots of things but you don't tell us what's really important." They also tell him: "Microsoft's comments are very descriptive. Be more prescriptive" on how to set up new software or make a system more secure.

Devenuti recounted those two comments as among those he's encountered most frequently as he talks to customers about how to improve security.

As part of its effort to be more prescriptive, Microsoft has staged a series of "summits" around the country seeking to advise customers on how to implement greater security in the Microsoft portion of the enterprise infrastructure. Devenuti made the last stop of the tour on Tuesday in San Francisco, where he advised several hundred customers at the Moscone Center they would gain a stronger perimeter if they standardize on Windows 2003 Server for their Web servers, mail servers, and other gateways into the company. During its first 12 months, Windows Server 2003 had only 13 Security Bulletins issued on problems with the operating system, compared with 43 in the first 12 months of Windows 2000, he said.

Earlier this month, Devenuti noted, Microsoft upgraded its Windows XP client operating system by issuing Service Pack 2 with an improved Windows Firewall, which has previously been shut off by default. Such was the case even inside Microsoft, and Devenuti said he and other employees questioned why the firewall was shut off as the Blaster worm spread through companies in 2003. If the firewall had been easier to activate, Blaster would have encountered more barriers to its spread.

Service Pack 2 for Windows XP includes a Security Center that quickly tells the user whether the firewall is off or on and gives the user the means to turn on desired features. It also provides an attachment manager that protects against potentially malicious E-mail and includes a blocker of pop-ups and other downloaded code into Internet Explorer.

Overall, the service pack is reducing the number of things turned on in Windows XP unless the user decides they need to be turned on. The adjustment means the operating system now ships "following the idea of least privilege. The surface for attack has been made as small as possible," because viruses, worms, and other exploits often find a way into a system through little-used but open features, Devenuti said.

In the meantime, Microsoft is working on additional security features for Windows, but customers will have to wait until 2007 for the Longhorn version of Windows to appear. One is to include "behavior blocking," or a self-monitoring feature in Windows that can tell when the machine is being put to use outside a range of normal patterns.

"We know using Notepad to send E-mail to everybody in the address book is not normal. Block it. The machine will remain infected but it won't have a chance to infect everyone else's," noted Devenuti.

Microsoft is in the process of simplifying its method for updating its software. "Right now, we have eight different flavors of updates. We're moving to only two, one for operating systems and one for applications," he said.

Microsoft will also seek to reduce the size of updates and build in a rollback capability so that customers may install them more quickly, and return to an earlier version if something goes awry. Many IT organizations hesitate to install security patches or updates without extensive testing against existing systems to make sure the additions won't disrupt their operations, Devenuti said, adding that, "Customers have told me 'the medicine has got to be less painful than the disease.'"

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
Get Your Enterprise Ready for 5G
Mary E. Shacklett, Mary E. Shacklett,  1/14/2020
Commentary
Modern App Dev: An Enterprise Guide
Cathleen Gagne, Managing Editor, InformationWeek,  1/5/2020
Slideshows
9 Ways to Improve IT and Operational Efficiencies in 2020
Cynthia Harvey, Freelance Journalist, InformationWeek,  1/2/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll