Ballmer Touts New Security Initiatives

At Microsoft's Worldwide Partner Conference in New Orleans on Thursday, CEO Steve Ballmer lauded the company's efforts to protect its customers and lock down Windows. Through its "Protect Your PC" campaign, Microsoft will begin improving patch distribution, institute global education programs and develop new safety technologies.

Ballmer announced that Microsoft was endeavoring to improve the patch experience throughout its product lines. As previously reported by BetaNews, Windows Installer (MSI) 3.0 and Software Update Services 2.0 will work in tandem to reduce complexity, lower the need for system reboots by 30 percent, introduce rollback capabilities, and include new processes for patch distribution and manageability.

The release schedule for patches will be modified to deliver predictable monthly releases, while Microsoft is also extending legacy support for Windows NT Workstation 4 Service Pack 6a and Windows 2000 Service Pack 2 through June 2004.

Consumer education seminars will be hosted courtesy of Microsoft TechNet, paired with monthly webcasts and in-depth training courses. According to Redmond, these sessions will reveal new prescriptive guidance in the form of patterns and practices, deeper information on how to configure for security, and the company will begin sharing details on how it secures its own networking infrastructure.

New safety technologies are slated to ship with Windows XP Service Pack 2, planned for mid-2004, and Service Pack 1 for Windows Server 2003 shortly thereafter. These safety technologies are designed to be resilient against any future threats, protecting customers from malicious attacks even if patches have not been installed or released.

According to Microsoft, "these security advancements for Windows XP will focus on protections against the four types of attacks that constitute the largest percentage of threats: port-based attacks, e-mail attacks, malicious Web content and buffer overruns."

While Microsoft's Mike Nash, Corporate Vice President of the Security Business Unit, waxed poetic on how partners will fix this gap with the right medicine to cure what ails Windows, Microsoft is developing its own comprehensive backup, firewall and antivirus solution for Windows XP - currently code-named, PC Satisfaction. PC Satisfaction's firewall and antivirus technology are licensed from Redmond partners.

Microsoft already has a base to build upon. Windows XP includes Internet Connection Firewall, which is now "turned on" by default on all new Windows distributions. The software giant has also moved to gobble up the intellectual property and assets of a small Romanian antivirus vendor.

Windows Server 2003 safety technologies will enable remote-access-connection client inspection and intranet client inspection to help guard corporate networks against infections introduced by mobile systems.

"Our goal is to enable increased protection and resiliency of systems and networks," Ballmer said. "Our highest priority is developing these safety technologies for our customers. This is a key area of focus for us."

Future steps to secure the perimeter of the Windows platform include the Next-Generation Secure Computing code base, otherwise known as "Palladium." This controversial initiative is timed for release with the next major Windows upgrade, dubbed Longhorn. All in all, Microsoft's efforts to batten down the hatches and stifle hackers will take time.

Later this month, Microsoft's Professional Developers Conference (PDC) will focus a dedicated symposium solely on secure coding practices.

When asked by BetaNews why the company is hosting numerous PDC sessions on Longhorn, Yukon and Whidbey features and so few on securing the new products, a Microsoft spokesperson said, "Content on security processes and practices pervade many of the PDC sessions, and there is a full day dedicated to security in addition to the break-out sessions."

But just last week, a groundswell of criticism encircled Redmond, alleging that Microsoft is not doing enough to secure its products.

The first salvo was a class action lawsuit filed by the State of California in late September that all but mirrored a report authored by a group of security experts earlier that month. Both parties alleged that Microsoft's near monopoly power coupled by its penchant to be targeted by hackers, and vulnerable to malicious code, creates a cascading effect whereby massive network failures could potentially occur as a result.

Later on in the week, a highly publicized leak of Valve's Half-Life 2 source code was pinned on unresolved security lapses in Microsoft's Internet Explorer Web browser. In both circumstances, Microsoft refused to comment specifically; the software giant placed the blame on cyber criminals committing illegal acts.

Referring to the latest California class action lawsuit filed against the company, a Microsoft spokesperson told BetaNews, "This complaint misses the point. The problems caused by viruses and other security attacks are the result of criminal acts by the people who write viruses."

"While working hard to improve the security of our software, Microsoft also works closely with federal and state law enforcement to help bring the perpetrators of these attacks to justice," the spokesperson said. Microsoft would not comment on the Half-Life leak.