Microsoft tightens screws on Windows security
(IDG) -- In an effort to polish up its tarnished security reputation, Microsoft on Tuesday announced new features for the next version of its Windows operating system that will help prevent naive e-mail users from unleashing viruses on their computers.
As part of its "Secure Windows Initiative," the software giant also is beefing up internal and external testing of its software, and it plans to have an outside firm validate its .Net Web-based services software for security. Microsoft also has purchased technology from an outside company that is intended to help it cut down on the amount of buggy software it releases.
Hackers have made a hobby out of exploiting holes and bugs in Microsoft software to gain unauthorized access to computers remotely. Hackers and virus writers target Windows because it's the software used by most people around the world. But Microsoft also has been criticized for sacrificing high levels of security in favor of convenience and functionality. Microsoft counters that it merely gives computer users what they want, and that it made the tradeoffs to provide customers with the usability they demanded.
Microsoft said it is taking a "community leadership" role in improving computer security. But "I don't want to imply that Microsoft is driving or controlling or [is] the leading expert in security," David Thompson, VP for the Windows Product Server Group, said in a keynote address on Tuesday. Thompson was careful to avoid any hint of industry dominance of the kind that led to its antitrust woes. Instead, he said Microsoft is "catalyzing the advancement of security knowledge."
Rather than trying to keep pace with bugs and viruses after they are discovered -- by making ad hoc patches and other software fixes -- Microsoft is now trying to improve its software development. It also wants to give people more tools to protect themselves.
The upcoming Windows products, Windows XP on the desktop and the server version, code-named "Whistler," will include a new software-restriction-policy feature designed to stop viruses from being automatically downloaded when a user opens an e-mail attachment that is intended to infect. The feature would enable an IS department or an individual computer user to place restrictions on where and how programs can run on the computer.
The moves were applauded by several attendees, including one who responded to word that a great majority of Microsoft's security bugs are caused by easy-to-fix exploits known as "buffer overflows."
"This is something that can be prevented," said Franz J. Brucklmayr, a senior scientist in the Innovations department of Munich-based Infineon Technologies, which makes integrated circuits for smart cards. "This is lazy programming."
Also at the conference, RSA made several announcements related to wireless security. The company unveiled technology that can turn a smart card into a multipurpose program for conducting different types of electronic transactions. The technology will also enable people to download digital credentials over the Internet, so they can work from multiple computers.
RSA and Ericsson demonstrated the first use of digital certificates in a mobile phone for authentication, encryption and the digital signing of online transactions. In addition, RSA announced that Matsushita, one of the leading wireless phone suppliers for NTT DoCoMo's popular iMode service in Japan, is using RSA's encryption technology in its phones.
The conference, which was expected to draw about 10,000 attendees, lacked the righteousness and controversy that have surrounded the event in past years, when the U.S. government had tight controls over the export of strong encryption. The Clinton administration eliminated those restrictions in late 1999 and early 2000, after years of criticism from the software industry, which held that rather than protecting national security, the rules were instead interfering with U.S. competitiveness on the world market.
The annual event is known for its theatrics. Opening day on Monday featured the San Francisco Symphony and singer Pat Benatar. Comedian Dana Carvey performed during Thursday's closing ceremony.
Microsoft issues patch for new Outlook security hole
RELATED IDG.net STORIES:
MS again goes on the security offensive
Study: Gadget sales flat
Protest slams Dell's use of prison labor
Steve Jobs keeps Apple in the limelight
N. Y. plans to heal skyline
Stocks rise on Case departure
Lieberman's presidential announcement today
New arrests may be linked to UK ricin scare
Jordan says farewell for the third time
Shaq could miss playoff game for child's birth
Ex-USOC official says athletes bent drug rules
|Back to the top|