Microsoft Renews Its Commitment to Security Education

[InfoSec News <isn () c4i org>]

http://www.microsoft-watch.com/article2/0,1995,1549876,00.asp

By Mary Jo Foley 
March 16, 2004 

Company execs reiterate security roadmap; talk up forthcoming
'Security Summit' roadshow.

If you lead customers to the security trough, will they drink?

Microsoft seems convinced they will. And the company is pulling out
all the stops to continue to educate its users, reasoning that a more
educated customer base will be a more secure customer base.

Mike Nash, corporate VP in charge of Microsoft's security business and
technology unit, reiterated in a Web cast on Tuesday Microsoft's plans
to continue to deliver security-assessment and vulnerability-analysis
tools as part of its educational outreach.

Nash also told Web cast participants that Microsoft will release for
download on Wednesday, March 17, a new scripting capability for its
Microsoft Baseline Security Analyzer 1.2, a product which performs
scans of Windows systems for security misconfigurations. The new
scripting tool will allow users to scan an unlimited number of
computers or IP addresses from a single input file.

Nash said Microsoft is sticking to its current security-product
timetable. In the first half of this year, the company will roll out
its Windows XP Service Pack 2 release. (A broad-scale beta of SP2 is
expected imminently.) It also will deliver the final release of its
Internet Security and Acceleration 2004 product before mid-year, Nash
said.

In the second half of this year, Microsoft will deliver its first
service pack for Windows Server 2003; its Windows Update Services
(formerly known as Software Update Services) 2.0 release; its
Microsoft Update patch-catalog technology; and other, unnamed security
"enhancements."

Some time in the future — Nash did not specify any dates — Microsoft
will deliver its Exchange Edge Services, Next Generation Secure
Computing Base (formerly code-named "Palladium") and its Active
Protection technologies, he said.

Active Protection technologies take the XP SP2 security enhancements
to "the next level," according to Microsoft officials. The company
first outlined its plans for Active Protection at the RSA conference
last month. The first of these technologies are expected to debut as
part of the Longhorn Windows client, which is expected to ship in
2006.

Active Protection describes three groups of technologies that
Microsoft is devising to run across Windows desktops and servers.  
Dynamic-systems-protection technologies are those which will monitor
changes in machine state, and will automatically open and shut ports
to lock down systems. Behavioral-blocking technologies are those
designed to limit the impact of worms and viruses by blocking risky
user behaviors (like clicking on a .exe file sent via e-mail). And
application-aware firewall and intrusion-prevention technologies will
take the security settings in the existing Windows firewall a step
further.


Security Summit Roadshow Coming to a City Near You

During Tuesday's Web cast, Nash reiterated the commitment made last
fall by CEO Steve Ballmer to "reach, train and educate in security
over 500,000 people within the next 12 months." Nash said Microsoft
will achieve this goal by the end of calendar 2004.

Microsoft is planning a two-month traveling "Security Summit" roadshow
that will kick off April 6 in New York City. The summits offer in a
day much of the same security content that Microsoft has made
available over the past few months in its Web casts and online chats.

Microsoft is offering Security Summit attendees a choice of a
developer track or an IT Professional track. And all attendees will
receive a free "Microsoft Security Guidance Kit," which is a DVD full
of tools for assessing security and helping to mitigate existing and
future security threats, according to the company.

Different Microsoft executives are slated to keynote the summit in
different cities. Among those on the docket, in addition to Nash:


* Rick Devenuti, Corporate Vice President, Chief Information Officer

* Scott Charney, Chief Trustworthy Computing Strategist

* Richard Kaplan, Corporate Vice President, Content Development and
  Delivery Group

* Brian Valentine, Senior Vice President, Windows Core Operating
  System Division

* Tom Button, Corporate Vice President, Windows Client Product
  Management Group Division

* Simon Witts, Corporate Vice President, Enterprise and Partner Group

(This article includes content from the March 4, 2004, issue of the
Microsoft Watch newsletter.)


 

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.