Microsoft Attempts to Tighten Screw on Security

Microsoft Corp.’s Outlook e-mail client and Internet Information Services (IIS) Web server software are among the most popular applications in the world for their functions; they also happen to be the most prominent targets for computer viruses and worms. Microsoft Wednesday set out to change that with a new initiative dubbed the Strategic Technology Protection Program.

“As an industry leader, Microsoft recognizes it has a special obligation to help ensure the security of the Internet and our customers’ data,” said Brian Valentine, senior vice president of the Windows Division at Microsoft. “This is a problem that affects the entire industry, but we recognize that there is more work to do. Effective immediately, we are stepping up our efforts with the singular focus of ensuring the security of our customers’ networks and businesses. We will not rest until all our customers have what they need to get secure and stay secure.”

The software giant said its protection program has two phases: Get Secure and Stay Secure.

Microsoft has undertaken the Get Secure phase immediately. Under Get Secure, Microsoft is mobilizing its worldwide organization of technical account managers and field support representatives to work with customers to ensure their networks are operating securely. It is also offering free virus-related product support through a toll-free hotline, 1-866-PC-SAFETY (727-2338). Finally, under Get Secure, the company has made a new Security Tool Kit available online at its Microsoft Security Web site. The tool kit includes service packs and security hot fixes for the Windows NT 4.0 and Windows 2000 operating systems. A free CD version of the tool kit will be available on Oct. 15.

The second phase of Microsoft’s new initiative, Stay Secure, will go even further, according to the company.

Under the Stay Secure phase, Microsoft said that within 60 days it plans to begin providing customers with comprehensive security roll-up packages via Windows Update. Each package will require one step to deploy and only one system reboot. In addition, the company plans, by the end of the year, to offer an automated service for providing business customers with the comprehensive security roll-up packages updates. The company also said it will expand the scope of its Secure Windows Initiative (SWI).

SWI was announced at the RSA Conference in April, and focuses on improving Microsoft’s own development processes to deliver more secure and reliable products and technologies. The company said it will now apply the tools and processes of SWI to the development of Windows 2000 SP3.

Finally, the Microsoft promised that the next version of IIS will be locked down by default and include an automatic, wizard-like tool to help customers customize and secure it to meet their individual needs.

“Worms and viruses present a continued threat to all systems and all software,” said Harris Miller, president of the Information Technology Association of America (ITAA). “User education, understanding best security practices, improvements in software development, rigorous enforcement of federal laws, and prosecution of offenders are key elements in a coordinated and comprehensive strategy to protect our computer systems and networks. It is gratifying to see Microsoft step up and offer serious outreach programs to address this national and global challenge.”

News Around the Web