Feel more secure yet?

HOME/ SITEMAP
SUBJECT INDEXES

	App Development

	Broadband

	Business Intell.

	Business News

	Business Strategies

	Careers & Mgmt

	Collab. Software

	Content Mgmt

	CRM

	Database

	E-Business

	End-User Apps

	End-User Hardware

	Enterprise Apps

	Ethics

	Government

	Licensing

	Middleware

	Mobile Computing

	Networking

	Online Community

	Operating Systems

	Processors

	Security

	Servers

	Storage

	Telecomm.

	Web Services

	Web Technologies

	Wireless

	XSPs

NEWS

CTO ZONE

TEST CENTER

FEATURES

COMMUNITY

OPINIONS

INTERVIEWS

FORUMS

RESEARCH

EVENTS

WEBCASTS

ADVERTISE

ABOUT InfoWorld

Reprints

ABOUT US
	About InfoWorld

	Services

	Advertise

	Contact us

	Reprint

	Employment

WHITE PAPERS

	Learn to secure your PCs from new and unknown hacker attacks.


	Free IDC White Paper - Discover Secure File Sharing for the Enterpriseattacks.

		Window Manager Brian Livingston

Feel more secure yet?

REDMOND, WASH. -- It has now been more than three months since Microsoft chairman Bill Gates sent all employees his "Trustworthy Computing" e-mail, calling for the company's software to be made secure "right out of the box." So I've traveled to corporate headquarters here to find out on your behalf what progress the software giant has made so far.

I have no doubt that Gates is sincere in wanting to stop the headlines about how wide open his company's products are to malicious hackers. Persuading people to entrust their data to Passport, .Net, and Microsoft's many other offerings is hard enough. It's no help to see front pages reporting, say, that Passport had to be shut down for two days because people's credit cards could be acquired just by sending the victims a short e-mail message (see "Microsoft times out").

It isn't like Microsoft isn't trying. When security flaws are found, the company does strive to inform Windows users about free, corrective patches.

But this creates its own headaches. Since Windows XP shipped in October 2001, Microsoft has posted at least seven patches for the operating system, three of them rated "critical." (Some of these patches also apply to earlier versions of Windows.)

According to the company's security bulletin service (see www.microsoft.com/technet/security/current.asp), 60 patches were released for all Microsoft products in 2001 alone. That's more than one a week. Merely keeping track of the changes can be a full-time job, and in some cases, applying a patch has caused other problems.

I personally hope Microsoft gets this situation under control, so I can write about more interesting things than the latest threat.

I'm glad to report, therefore, that Gates' e-mail has so far produced at least one tool to cope with the flood of patches. It's called MBSA (Microsoft Baseline Security Analyzer), available at www.microsoft.com/technet/security/tools/Tools/mbsahome.asp. This program, released on April 8, runs on Windows XP or 2000 and searches a network of XP, 2000, and NT 4.0 SP4 machines for missing patches, insecure configurations, and weak passwords.

Some glitches, unfortunately, have already arisen. InfoWorld reported last week that MBSA gives erroneous warnings even after some hotfixes have been applied. (See "Microsoft defends Baseline Security Analyzer tool".)

Alternatives to MBSA include commercial programs that not only discover missing patches but apply fixes remotely to the vulnerable machines.

What has your experience been? I'll send a gift certificate for a free book, CD, or DVD of your choice to readers whose comments I print. Watch this space in coming weeks for more about your options.

Send tips to brian@brianlivingston.com. He regrets that he cannot answer individual questions. Go to www.iwsubscribe.com/newsletters to get his Window Manager column and E-Business Secrets e-zine free via e-mail.

RELATED SUBJECTS

Security

MORE >

SUBSCRIBE TO:�

� �

// // // Article

	ADVERTISEMENT
	SPONSORED LINKS Learn to secure your PCs from new and unknown hacker attacks. Click here to receive a FREE Success Kit from Oracle. SPEED, PERSONALIZATION AND INTEGRATION: THE KEY TO E-COMMERCE SUCCESS. Protect Your Data: Get your FREE Enterprise Backup Intelligence Kit from ADIC. New HP digital projectors � click now for limited-time introductory offers.

	<A HREF="http://ad.doubleclick.net/jump/idg.us.ifw.community/opinions;abr=!ie;pkey=security;skey=enduserapp;paud=endusersupportmgmt;pos=bot;sz=468x60;tile=4;ord=014914250902?"><IMG SRC="../../../../../../ad/house/verisign_cpc/lock_468x60_5_es.gif" BORDER="0" HEIGHT="60" WIDTH="468"></A>

ABOUT INFOWORLD | SITE MAP | EMPLOYMENT | PRIVACY | CONTACT US