InfoWorld
Window Manager
Brian Livingston
Feel more secure yet?

REDMOND, WASH. -- It has now been more than three months since Microsoft chairman Bill Gates sent all employees his "Trustworthy Computing" e-mail, calling for the company's software to be made secure "right out of the box." So I've traveled to corporate headquarters here to find out on your behalf what progress the software giant has made so far.

I have no doubt that Gates is sincere in wanting to stop the headlines about how wide open his company's products are to malicious hackers. Persuading people to entrust their data to Passport, .Net, and Microsoft's many other offerings is hard enough. It's no help to see front pages reporting, say, that Passport had to be shut down for two days because people's credit cards could be acquired just by sending the victims a short e-mail message (see "Microsoft times out").

It isn't like Microsoft isn't trying. When security flaws are found, the company does strive to inform Windows users about free, corrective patches.

But this creates its own headaches. Since Windows XP shipped in October 2001, Microsoft has posted at least seven patches for the operating system, three of them rated "critical." (Some of these patches also apply to earlier versions of Windows.)

According to the company's security bulletin service (see www.microsoft.com/technet/security/current.asp), 60 patches were released for all Microsoft products in 2001 alone. That's more than one a week. Merely keeping track of the changes can be a full-time job, and in some cases, applying a patch has caused other problems.

I personally hope Microsoft gets this situation under control, so I can write about more interesting things than the latest threat.

I'm glad to report, therefore, that Gates' e-mail has so far produced at least one tool to cope with the flood of patches. It's called MBSA (Microsoft Baseline Security Analyzer), available at www.microsoft.com/technet/security/tools/Tools/mbsahome.asp. This program, released on April 8, runs on Windows XP or 2000 and searches a network of XP, 2000, and NT 4.0 SP4 machines for missing patches, insecure configurations, and weak passwords.

Some glitches, unfortunately, have already arisen. InfoWorld reported last week that MBSA gives erroneous warnings even after some hotfixes have been applied. (See "Microsoft defends Baseline Security Analyzer tool".)

Alternatives to MBSA include commercial programs that not only discover missing patches but apply fixes remotely to the vulnerable machines.

What has your experience been? I'll send a gift certificate for a free book, CD, or DVD of your choice to readers whose comments I print. Watch this space in coming weeks for more about your options.





Copyright 2002 InfoWorld Media Group, Inc.