Microsoft finally appears to be taking note of the public perception of its products' insecurity, but just how much is it doing to soothe virus-ridden consumers? Speaking at the Microsoft IT Forum in Copenhagen on November 12th, Klaus Holse Andersen, Microsoft vice president for Northern Europe, admitted that the software company's security performance had been less than stellar: "It's been a fairly painful year... from a security standpoint, there have been more patches than we would have liked but we're starting to clear that."
There's no doubt that Microsoft is keen to be seen to be making some effort on the virus front, particularly in terms of patch management. Its patch-management security push--including company-wide patch-management features turning up in Microsoft's newly launched Systems Management Server, patch-management guidance being distributed on its website and the streamlining of the number, outlets and size of patches for users--serves to demonstrate the software giant's commitment to pulling itself out of the security mire. However, it could be that Microsoft's landmark move towards monthly, rather than as-and-when, patching is a further weakness--giving virus writers a 'heads up' on the optimum time to target systems. Not so, according to Steven Adler, senior security specialist at Microsoft. The Microsoft argument is that previously, when patches were announced amid a general noise of confused security warnings, it was far more likely the message would be missed by all but the hackers and virus writers. Now IT managers know which one day of the month they need to tune in to get all their updates. Where next for Microsoft security? A mix of software, hardware and education, it seems. One of the next areas to get the Redmond treatment is behavior blocking--meaning mechanisms to detect and stop computers behaving in a suspicious way, such as sending a message to every e-mail address on a network, a technique often characteristic of a spreading virus. Continued at ZDNet.