
Microsoft tightens screws on Windows security

Industry Standard

(IDG) -- In an effort to polish up its tarnished security reputation, Microsoft on Tuesday announced new features for the next version of its Windows operating system that will help prevent naive e-mail users from unleashing viruses on their computers.

As part of its "Secure Windows Initiative," the software giant also is beefing up internal and external testing of its software, and it plans to have an outside firm validate its .Net Web-based services software for security. Microsoft also has purchased technology from an outside company that is intended to help it cut down on the amount of buggy software it releases.


Hackers have made a hobby out of exploiting holes and bugs in Microsoft software to gain unauthorized access to computers remotely. Hackers and virus writers target Windows because it's the software used by most people around the world. But Microsoft also has been criticized for sacrificing high levels of security in favor of convenience and functionality. Microsoft counters that it merely gives computer users what they want, and that it made the tradeoffs to provide customers with the usability they demanded.

Microsoft said it is taking a "community leadership" role in improving computer security. But "I don't want to imply that Microsoft is driving or controlling or [is] the leading expert in security," David Thompson, VP for the Windows Product Server Group, said in a keynote address on Tuesday. Thompson was careful to avoid any hint of industry dominance of the kind that led to Microsoft's antitrust woes. Instead, he said Microsoft is "catalyzing the advancement of security knowledge."

Rather than trying to keep pace with bugs and viruses after they are discovered -- by making ad hoc patches and other software fixes -- Microsoft is now trying to improve its software development. It also wants to give people more tools to protect themselves.

The upcoming Windows products, Windows XP on the desktop and the server version, code-named "Whistler," will include a new software-restriction-policy feature designed to stop viruses from being automatically downloaded when a user opens an e-mail attachment that is intended to infect the computer. The feature would enable an IS department or an individual computer user to place restrictions on where and how programs can run on the computer.

The moves were applauded by several attendees, including one who responded to word that a great majority of Microsoft's security bugs are caused by easy-to-fix flaws known as "buffer overflows."

"This is something that can be prevented," said Franz J. Brucklmayr, a senior scientist in the Innovations department of Munich-based Infineon Technologies, which makes integrated circuits for smart cards. "This is lazy programming."

Also at the conference, RSA made several announcements related to wireless security. The company unveiled technology that can turn a smart card into a multipurpose program for conducting different types of electronic transactions. The technology will also enable people to download digital credentials over the Internet, so they can work from multiple computers.

RSA and Ericsson demonstrated the first use of digital certificates in a mobile phone for authentication, encryption and the digital signing of online transactions. In addition, RSA announced that Matsushita, one of the leading wireless phone suppliers for NTT DoCoMo's popular iMode service in Japan, is using RSA's encryption technology in its phones.

The conference, which was expected to draw about 10,000 attendees, lacked the righteousness and controversy that have surrounded the event in past years, when the U.S. government had tight controls over the export of strong encryption. The Clinton administration eliminated those restrictions in late 1999 and early 2000, after years of criticism from the software industry, which held that rather than protecting national security, the rules were instead interfering with U.S. competitiveness on the world market.

The annual event is known for its theatrics. Opening day on Monday featured the San Francisco Symphony and singer Pat Benatar. Comedian Dana Carvey performed during Thursday's closing ceremony.


4:30pm ET, 4/16
