Microsoft defends security record
Microsoft defends security record
Microsoft defended its security record today by outlining available methods that can protect its office systems against damaging viruses, such as the Sasser worm and MyDoom, to counter claims that recently released open source desktops offer much more robust systems.
Microsoft has been hit hard over the last year by increasingly sophisticated hackers who have found new ways to infiltrate its operating systems in numerous organisations and businesses.
With the trend increasing, and a recent survey by AusCERT revealing that nearly 50 percent of companies are concerned about these attacks, Microsoft is geared up to erase fears over the security of its systems.
Speaking as a keynote speaker at the Microsoft Australia Security and Management Summit, held today at Darling Harbour, Ben English, Microsoft Australia's security mobilisation lead said. "1000 viruses a week are being created. So there is a number of problems with the severity of the viruses as well. They are getting very complicated and attack on multiple vulnerabilities. There are social engineering issues on the increase too, such as the phishing scams that have hit banks hard recently.
"We are trying to frame these problems with isolation technology, where we can shield the systems against potential threats. With Windows XP SP2, for instance, the firewall is always turned on. Code Red would not have got through this firewall.Sometimes viruses arrive in the form of pop-ups, and XP SP2 closes this type of virus down too before it gets out of hand. You get a lot of control and visibility over its problems with this downloadable update."
Windows XP SP2 is currently available now, but the top range version of this product will be available from July onwards. According to English, this will be the most secure system Microsoft will have ever released in terms of minimising the threat of virus invasions.
The technology includes network protection, memory protection, improved email security and safer browsing. It aims to provide an enhanced security infrastructure with increased manageability and control for IT professionals and an improved experience for users.
He added that people are more aware of viruses and worms now, so are downloading patch updates to help protect them against threats. He is happy that the message is getting through more these days. "We had four times as many downloads in the first ten days of the Sasser attack than we did during the first ten days of the Blaster attack. So things are improving because people are realising more that they can protect their systems. In terms of other open source desktop systems offered by companies such as Sun Microsystems, we expose our customers to less risks than those companies claim.
"The Linux installations, for one actually have a lot more data risks in their updates than we do. We fix our vulnerabilities 100 percent, which is much more thorough than the other open source systems out there. The severity of our vulnerabilities is generally less than other vendors too. We are not happy that we have vulnerabilities in our code, but I think it's important to expose the weaknesses in the code of other vendors too. This is an industry problem. It's not going to be fixed quickly."
He does believe that the public still needs to realise that they can do more to prevent the viruses getting through. He believes that Microsoft provides enough resources for protection, especially with the top model of Windows XP SP2 being released soon, but the users still need to know that they have to run the updates to activate the protections. "The security environment is maturing now. As the awareness goes up, there is less chance of people being affected. We are investing money into research that will discover new ways to make the software even more resilient. This will involve client inspections, quarantining technology and shielding technology with more intelligent firewall protection.
"We aim to provide products that allow developers to build security right into the code to create automatic checking, constant security monitoring activities and a marriage between the hardware and the software, so that the hardware will stop malicious software running on the hardware."
Related Article: