Microsoft seeks security overhaul

Speaking at Microsoft’s worldwide partner event in New Orleans last week, Ballmer unveiled the security technologies that will feature in the next upgrades of its desktop and server operating systems and pledged to make patching easier.

As part of the upgrades, the software will feature automated patching for business customers, and more secure default internet settings.

‘I think the criticisms that our customers and partners are highlighting about security is a defining moment,’ said Ballmer. ‘Our whole industry is threatened, in my opinion, by people’s fears to do new things because of security issues.’

Early next year, Microsoft will ship version 2 of its Software Update Server, which automatically downloads patches according to policies set by the customer. It is free to Microsoft customers.

‘The whole package can be seen as a recognition that security is not primarily about spending lots of money on fancy products,’ said Graham Titterington, principal analyst at Ovum.

Ballmer accepted that the number of patches issued by Microsoft has proliferated, but said that the time between a patch's release and the development of an exploit for the underlying vulnerability was dropping.

‘We want to make our customers resilient to attack even when patches aren’t installed. You should be able to install patches when you want, not the hackers,’ he said.

‘These people are criminals,’ he said. ‘They aren’t cute hackers and we are working with law enforcement to make sure they are found and brought to justice.’

By May next year, Microsoft will introduce one patching experience across the Windows platform and all the application products. It hopes to reduce the risk of deployment by providing rollback capabilities for all patches, and now has technology that reduces patch sizes by up to 80%.

Windows XP service pack 2 will feature additions such as the firewall switched on by default, more secure default email settings and better protection from malicious code on websites.

Microsoft is also working on a service pack for Windows Server 2003.

It will include inspection technologies that will scan a machine in a remote location, such as a laptop, and stop it from connecting to the corporate network if it is carrying a virus.

– Additional reporting by Iain Thomson
