MS relieves patching ‘pain point’

Trustworthy Computing phase II


Microsoft yesterday outlined plans to simplify patch management, which even Redmond admits has been a long-term "pain point" for its customers.

In a keynote address at this week's RSA Conference 2003, Mike Nash, corporate vice president of the Security Business Unit at Microsoft, outlined the next steps in the company's high-profile Trustworthy Computing initiative.

In his presentation, Nash outlined the tools and technologies Microsoft will deliver over the next 12 months to address four key scenarios customers have described as critical to bringing added security to their computing environments: patch management, information worker enablement, secure Web development and secure network access.

With Windows Server 2003, Microsoft is beginning to apply secure-by-default ideas that will, hopefully, guard against repetition of the numerous security risks (Nimda, Love Bug, etc.) which have taken advantage of weak default configuration. But that still leaves older products to worry about.

Due in part to its complexity, patching existing products is one of the great "pain points" today for customers, Microsoft says.

A key focus for Microsoft is to make this process simpler.

For IT admins, Microsoft Software Update Services (SUS) and Systems Management Server 2.0 Software Update Feature Pack 1 currently help automate patch installation for the Windows® platform.

Later this year, Microsoft will release SUS 2.0, which will include update functionality for a broader set of Microsoft products. In addition, Microsoft will release Systems Management Server 2003 later this year, which will include features such as the ability to automatically install patches during scheduled downtime.

For consumers and small businesses, Microsoft's Windows Update and Automatic Update are often the primary vehicles for delivering security patches for the Windows platform. Microsoft wants to extend these services over the coming year to a wider variety of Microsoft products.

To simplify security management and operations for all customers, Microsoft will reduce the number of patch installer technologies used across the company and offer new security configuration wizards. Also, Microsoft Baseline Security Analyzer 1.2 will be released later this year, making it easier for users to identify unpatched systems.

To further "Information worker Enablement", Microsoft is promoting Windows Rights Management Services (RMS), which allows organisations to control the distribution of documents within corporates, and improved technical collaboration with antivirus vendors.

Fix the problem, not the blame

Any computing platform is subject to security problems from time to time. Much energy is focused on counting the quantity of security problems (Is Linux better? Is Windows worse?), or assessing the seriousness of exploits.

Microsoft gets it in the neck on both these points, especially whenever a high-profile Windows exploit is released. There's often a rush to blame either Redmond or the end-user, for failing to apply long-available patches.

The sheer quantity of patches (for Windows, Unix, Linux and applications) can be hard to keep up with, but other factors are worth considering. Often (and this is particularly the case with MS patches, unfortunately) fixes fail to work as advertised, cause conflicts or are otherwise difficult to apply.

In recognising this problem - and trying to do something about it - Redmond deserves a small pat on the back. Just a small pat, mind you, let's reserve praise for a time our mailbags don't bulge with gripes about patching problems.

Secure by design

Microsoft also wants to make it easier for developers to build secure applications.

Next week, with the release of Visual Studio® .NET 2003 and the .NET Framework 1.1, Microsoft will offer system administrators "more-granular control" over how they can lock down the Web applications and Web services running in their datacenters.

Visual Studio .NET and the .NET Framework will also help enable secure deployment of Windows-based "smart" client applications over the Internet, it's hoped.

In the third quarter of 2003, Microsoft will also release a guide giving developers and administrators development-through-deployment security best practices for .NET Framework-based solutions.

As an example of how Microsoft is boosting secure net access, Nash highlighted Microsoft's decision to offer Wi-Fi Protected Access, or WPA, as a download for users of Windows XP SP1. WPA offers much more robust methods of encryption and authentication compared with its predecessor, WEP.

Another area of focus for Redmond is Storage Area Network (SAN) security.

Microsoft wants to drive the adoption of the Internet Authentication Service (IAS) component in Windows Server, which is supported by leading SAN switch vendors such as Brocade and McDATA.

To help boost network security, Microsoft earlier this year delivered Feature Pack 1 for its Internet Security and Acceleration server, which provided advanced application-level filtering capabilities. ®
