SCN: hmmm
Steve
steve at advocate.net
Thu Apr 12 08:42:35 PDT 2001
x-no-archive: yes
=======================
Microsoft declares war on hostile code
(Robert Lemos, ZDNet News)---Can Microsoft beat the security
bugs? That's the intent of a multipronged strategy that the software
giant unveiled Tuesday at the RSA Data Security Conference. If
successful, the strategy will allow users to have the customizability
they crave, while eliminating the security holes that have been a
chronic black eye, said representatives of the Redmond,
Washington company on Tuesday.
"The idea is, if you are a normal home user, to be able to turn on
your PC, not do anything else, and you will be safe and secure,"
said Steve Lipner, manager of Microsoft's security response center.
The project is aimed at waging what Microsoft is calling a "war on
hostile code." Dave Thompson, vice president of Windows
development for Microsoft, outlined the initiative during a Tuesday
afternoon keynote at the conference here.
The goal: Secure Windows XP. The newest version of Windows is
due out in this fall and will come in several flavors: one for home
users, another for business users and a later version able to run on
64-bit processors.
"It's an unending war, I'm sure," Thompson said during his speech.
Retiring the old Windows code--upon which Windows 95, 98 and Me
are based--is the first step toward securing the PC. Or, as Lipner put
it, "Windows XP is based on the Windows NT code base--it's a real
operating system."
With the ability to limit access permissions to particular users--a
feature common in Unix and other "real" operating systems--
Windows XP will have more security right off the mark.
Yet, Microsoft doesn't intend to stop there, Lipner said.
Through a series of moves--including "spot the bug" e-mails,
classes on writing secure code, and messages from higher-ups in
the company supporting secure code--Microsoft hopes to focus its
programmers on delivering bug-free and reliable code.
"We are imbuing security into the company's culture, we really are,"
he said.
On the Web site, the company has started posting update
information in XML so other software companies can make update
agents that can automatically check which updates the user needs.
Without frequent patching, any operating system can quickly
become insecure.
The software giant also intends to start rating its updates on how
critical they are for the computer user to install.
Finally, Microsoft intends to add a number of applications and
utilities to add security to Windows XP.
System administrators will be able configure systems' security
using tools that will turn company policies--such as no personal
Web surfing and no sending executables in e-mail--into specific
settings.
A personal firewall, or Internet-connection firewall, will give users a
higher level of security right off the bat, Lipner said. And a
"credential manager" will enable user to securely store their
passwords for Internet sites on their computer in a digital vault. The
manager will automatically give the passwords to the originating
site, effectively letting people access all their accounts with a single
sign-on.
Yet will the move to security earn Microsoft praise or curses from its
customers?
Microsoft's customers showed how fickle they can be when many
vocally panned the giant's decision last week to block, in the next
version of Outlook, several types of e-mail attachments that could
be used to spread viruses.
However, Lipner said it can improve security without turning off its
customers.
"When we get to some of the new things that we have done--in
particular the software-restriction policies and the components of the
.Net. We have the ability to tune things so you can have your cake
and eat it too."
Copyright 2001 ZDNet Inc.
* * * * * * * * * * * * * * From the Listowner * * * * * * * * * * * *
. To unsubscribe from this list, send a message to:
majordomo at scn.org In the body of the message, type:
unsubscribe scn
==== Messages posted on this list are also available on the web at: ====
* * * * * * * http://www.scn.org/volunteers/scn-l/ * * * * * * *
More information about the scn
mailing list