Users login

Create an account »


Users login

Home » Hacking News » Microsofts new Security Program has a bug. Big suprise.

Microsofts new Security Program has a bug. Big suprise.

by Majik on November 2nd, 2001 A new security initiative unveiled by Microsoft [NASDAQ:MSFT] last month is off to a rocky start, according to customers and security experts.

Microsoft's Strategic Technology Protection Program drew praise when it was announced Oct. 3. But already the effort, positioned by the company as "an unprecedented mobilization of Microsoft's people and resources" to help customers secure their systems, has hit several snags.

The first occurred on Oct. 18, when Microsoft released a security patch that caused some Windows 2000 systems to stop functioning properly. Citing "human error in the patch building process," the company withdrew and later re-issued the patch.

When asked for clarification on what went wrong, a Microsoft spokesperson told Newsbytes the company had no additional comment beyond what it had stated in customer bulletins.

A week later, at the Oct. 25 launch of Windows XP, Microsoft instructed users to download a 1.9-megabyte security patch for the new operating system. Microsoft has yet to detail the security issues addressed by the XP patch - despite an earlier promise by the senior vice president of the company's Windows division to provide "clear, unambiguous direction on how customers can build and maintain secure systems."

Bulletins describing the XP security fixes will be forthcoming shortly, according to a company representative.

The latest glitch began arriving in mailboxes this week for subscribers to Microsoft's TechNet service. A CD-ROM entitled the "Microsoft Security Toolkit" was promised by the company to help users of Windows NT and Windows 2000 software "protect their systems from common and dangerous threats."

But some administrators have found that the toolkit causes system instability and may actually make some machines more vulnerable by undoing security modifications made by the operator, according to Russ Cooper, editor of NTBugtraq, a mailing list for Windows system administrators.

"If you've taken steps to secure your IIS box, don't touch the Security CD," said Cooper, who reported that some list participants have encountered serious problems after running the new security tools.

Microsoft officials were not immediately available for comment on the reports of problems with the Security Toolkit CD.

Despite its unsteady start, many say Microsoft's security initiative is at least a move in the right direction.

Microsoft has finally "seen the light" on security, according to Tim Mullen, CIO and Chief Software Architect for AnchorIS.Com.

"While there may be plenty of historical evidence to dispute Microsoft's concern or capacity to secure its past products, I am optimistic ... I think they know that this is something that has to be done," wrote Mullen in an editorial this week at the SecurityFocus Web site.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »