Content

Microsoft reiterates security efforts at San Francisco summit

Microsoft kicked off its security summit in San Francisco Tuesday by reiterating the steps it’s taking to improve the security of its software.

"We've learned of  lots of frustration you have with our technology," Rick Devenuti, corporate vice president, Microsoft services and IT, told the hundreds of attendees in a keynote.

In response, the company is streamlining its update process to make patching easier, is working to develop more reliable software and aims to reduce the impact of malware by focusing on system isolation and resiliency, he said.

Devenuti outlined the security improvements offered in the upcoming Windows XP Service Pack 2, which he called "the most secure operating system from Microsoft for the desktop."  Microsoft also is working on "dynamic system protection," which will allow administrators to protect a system before a patch is released, behavior blocking, and is working with partners on firewalls that are more application aware.

Microsoft also plans to provide a way to check a system's antivirus and patch level before the machine is allowed onto the network. This capability is provided via Windows Server 2003 tools, but will be more readily available in the upcoming ISA Server 2004, according to Devenuti.

To streamline patch management, Microsoft is working to improve the quality of its software updates, reduce their size, and provide better rollback, he said.

Tuesday's San Francisco one-day event was the last in a series of security summits that Microsoft held in 20 U.S. cities. It featured sessions on various security topics tailored for those with intermediate or advanced security skills or developers.

A Microsoft spokeswoman said 2,600 people registered for the Tuesday event, and about 1,300 were expected to attend.

Attendees had mixed reactions about Microsoft's security efforts.

"They're probably doing the best they can," said Rich Harbaugh, senior operations engineer at Omnicell, a medical supplies company based in Mountain View, Calif. "They started with a base of insecure code and they're working hard to secure it."

But an IT consultant who declined to give his name said Microsoft should be further ahead when it comes to security. Instead, "they're catching up," and relying on customers to find faults with their products, he said.

www.microsoft.com

 

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.