Users login

Create an account »


Users login

Home » Hacking News » Microsoft Releasing New Security Tool

Microsoft Releasing New Security Tool

by ivy on August 23rd, 2001 Hoping to reduce the impact of hacker attacks such as the "Code Red'' worm, Microsoft Corp. on Thursday was releasing a security tool designed to help less technically sophisticated users eliminate vulnerabilities in their servers.

The free, downloadable security tool helps users disable functions and settings that could leave their servers open to an attack, said Scott Culp, Microsoft's security program manager.

These include Internet printing, advanced search functions and certain scripting technologies that enable viruses and worms to spread, Culp said.

The tool is designed for a part of the Windows NT and Windows 2000 operating systems known as Internet Information Services that must be installed publish Web pages. That function fell victim to the Code Red worm attack, bringing down hundreds and thousands of Web sites.

Since then, some programmers have faulted Microsoft for designing ease-of-use features into its server software that critics say make them too vulnerable to intruders.

This tool, which aims to fix that problem, is the latest in a series of free, downloadable security products the Redmond-based software giant has released recently to help protect Microsoft products from attack.

"We know that software being written by human beings is never going to be bug-free,'' Culp said. "The way to address the human fallibility problem is to make work factor as small as possible.''

Last week, the company released Microsoft Personal Security Advisor, a Web application for personal users of Windows operating systems.

With one mouse click, the program checks your system for any needed security patches and evaluates your computer's configuration for any security vulnerabilities.

For example, if the program can successfully guess one of your passwords, it may suggest that you try a less predictable one.

Another tool, HFNetChk, lets administrators check that the latest security patches have been downloaded on entire networks of computers.

Culp said the tools will not send any information from personal computers or servers back to Microsoft. He stresses that the service should be used in conjunction with other security services, such as antivirus software or firewall protection.

"It's all very important, it's all very useful and it's part of the overlapping nature of security,'' Culp said.

Chris LeTocq, an analyst at Guernsey Research, said the push at consumer education is a good move for Microsoft whose software, in part because of its dominance in the desktop operating market, is the most frequent target of hacker attacks.

"When you look at the issues that Microsoft has with security, because they are predominant target and they have people banging on them all the time ... it's a good idea to prompt users,'' Le Tocq said.

But he doubted that the move would keep hackers from attempting to exploit vulnerabilities in Microsoft products.

"Microsoft will continue to be in the public eye mainly because of its large presence and attractiveness as a target,'' he said.

from: wwwnetdaily

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »