Nearly two years after launching its Trustworthy Computing initiative, Redmond, Wash.-based Microsoft is again vowing to make its software more secure. Speaking at the vendor's Worldwide Partner Conference in October, Microsoft CEO Steve Ballmer told attendees that the company will embed additional security features into its software. "We're going to have to put in place a multistreamed set of activities to help our customers be secure," he said.
Among Microsoft's planned near-term efforts is a change to the way it discloses software vulnerabilities to its customers and the market. Amy Carroll, director of product management in Microsoft's security business unit, says the company will soon switch to monthly security bulletins and security updates instead of the current sporadic Wednesday evening announcements.
Microsoft is also working on an improved patch management platform. By early 2004, the company says, it will enhance the entire patch management process, including improvements to Microsoft Software Update Services. "The idea is to make patch management as transparent to the user as possible," Carroll says. The vendor also plans to improve the firewall included with Windows XP and Windows 2000, and to ship the operating systems with the firewall turned on by default, according to Carroll.
The announced moves are steps in the right direction, says Mike Paquette, vice president of marketing and product management at Top Layer Networks (Westboro, Mass.), a provider of network security solutions.
"The introduction of the firewall functionality into the operating system is a good step; it helps narrow the window of vulnerabilities that can be exploited," Paquette says. "Fixing the root problem, which is reducing the number of vulnerabilities in the software, is at the core of the problem, but a monthly security update is a reasonable approach."
EDITOR'S NOTE: This article first appeared in InformationWeek, a sister publication to Insurance & Technology, and includes a contribution from Anthony O'Donnell.
Anthony O'Donnell has covered technology in the insurance industry since 2000, when he joined the editorial staff of Insurance & Technology. As an editor and reporter for I&T and the InformationWeek Financial Services of TechWeb he has written on all areas of information ...