Two years after Microsoft
a corporate-wide focus on security, Microsoft claimed that the
company is fulfilling its promise.
At Microsoft’s Worldwide Partner Conference held July 8-10 in
Minneapolis, Mike Nash, corporate vice president of Microsoft’s Security Business and Technology unit, told attendees how
security has improved over the last two years in Microsoft products.
According to Microsoft, Windows XP SP2 users are “13 to 15 times less likely to be infected by some of the most prevalent malicious software relative to customers using earlier versions of Windows XP.”
In comparison with Windows XP Service Pack 1 and
Windows 2000 Professional, Nash said, SP2 had half the number of critical
vulnerabilities during the first nine months of its release. Over 218 million
copies of SP2 have been distributed to date.
Nash also highlighted Microsoft’s security applications, including the
Windows Malicious Software Removal Tool (MSRT), which has been executed 831
million times since its introduction in January.
Microsoft’s Security Development Lifecycle (SDL) initiative, which was
announced in 2003, has resulted in more secure Windows applications, according
to Microsoft’s data. Over 15,000 Microsoft developers have received SDL-related training to date.
SDL gives Microsoft a security advantage over open source competitors, in
Nash’s view. Open source server and database applications have had a greater
number of security vulnerabilities than SDL-developed products like Windows
Server 2003 and SQL Server 2000, according to a Microsoft-sponsored study
cited by Nash.
Over a 12-month period, SQL Server 2000 running on Windows
Server 2003 had 27 High severity security issues and 36 other security
issues. In comparison, MySQL running on Red Hat Enterprise 3 had 41
High severity issues and 75 other security issues.
“Customers should evaluate the disciplined development process that comes
with Microsoft products against open source, which has no similar process,”
said Nash in a statement. “That, coupled with our clearly defined commitment
to managing security issues, is a compelling differentiator for Microsoft
against other platforms on security.”
Microsoft’s open source competitors, though, have their own research
showing that their products’ code is superior. Back in February, MySQL was shown in a study by Coverity to have fewer software defects than its commercial
competitors, which include Microsoft’s SQL Server.
Though Nash highlighted Microsoft’s security successes, Microsoft still
has its share of security issues. In early July, a security firm revealed a flaw in Internet Explorer that potentially left users at risk from
hackers over the July 4 weekend.
Microsoft issued a registry key update four days later and is expected to issue an update through its monthly patch
cycle tomorrow.