Microsoft Steps Up Software Security

by platon on October 5th, 2001

SAN FRANCISCO - Microsoft Corp. (Nasdaq: MSFT) on Wednesday announced a new initiative to help customers improve the security of their networks after a string of high-profile viruses targeted Microsoft software used to run Web sites.

"With the virus attacks of late and the numbers of those and how vicious those attacks have been ... it's incumbent on Microsoft, being in the leadership position we're in, to help drive forward the industry in this area," Brian Valentine, senior vice president of the Windows Division at Microsoft, said in an interview.

"We can't just sit back and think about Microsoft," said Valentine, who is leading Microsoft's new security task force.

The announcement follows a string of worms and other security breaches, including the Code Red worm of August and Nimda worm in September.

Those worms, which are self-propagating viruses, exploited holes in Microsoft's Internet Information Services server software and installed "backdoors" that left infected computers vulnerable to future hacking.

IIS, which is used to run Web sites, is sold separately and comes bundled with Windows 2000 and Windows NT.

In addition to repeated complaints over the years by security experts over what they say is lax security, Microsoft recently has also been singled out by a market research firm and an insurance underwriter.

Gartner Group has urged Microsoft customers hit by the worms to switch to Apache or iPlanet Web servers. And J.S. Wurzler Underwriting Managers' Safeonline division is charging some companies using IIS as much as 15 percent more in premiums.

Valentine denied that the company was responding directly to those moves, but he said they illustrated a general problem of customer confidence that the company hoped to address.


Signaling a change in long-standing policy for Microsoft, the company said it will deliver all of its software -- including the next version of IIS that will be bundled with Windows .Net Server next year -- in the "locked down" position by default.

That means the settings will be placed in the most secure configurations when shipped, rather than in the most "open" position, which can leave the computer more vulnerable to hacking, but can offer more immediate and advanced functionality.

Under the new initiative, too, Microsoft will offer a toll-free support line (1-866-727-2338) customers can call when they are hit by viruses and a free CD that contains fixes for all the vulnerabilities in Windows NT 4.0 and Windows 2000, as well as software to lock down IIS.


In coming months Microsoft plans to offer a free online service that will notify customers of security vulnerabilities and automatically download the fixes.

Microsoft is also training its technicians to help companies secure their networks before issues arise rather than merely respond to situations after they occur, Valentine said.

The company also said it would continue addressing security issues during the development of its software to minimize the number of bugs and holes in its new products.

Security exploits are common and affect all software, but Microsoft has borne the brunt of them through the years.

The company contends that its software is targeted by virus writers and malicious hackers because it is so ubiquitous. Critics have complained, however, that Microsoft software is inherently insecure.

At a minimum, critics have said, the company should ship its software so that sophisticated users can decide for themselves the security level they want and unsophisticated users won't be caught off guard by security problems as they were with Code Red and Nimda.

Shares of Microsoft were up 6 percent to $56.28 in mid-day trading on the Nasdaq.

Copyright 2001, Arizona Central. All Rights Reserved.
