Microsoft Launches Security Initiative

In an attempt to combat the increasing number of Internet attacks aimed squarely at its customers, Microsoft is launching a security initiative. The announcement follows a string of virus and worm attacks, including Code Red and Nimda, which struck thousands of servers and cost billions in repairs worldwide.

The Strategic Technology Protection Program has two phases. With the first phase, Get Secure, Microsoft will offer free virus-related customer support and will provide a new security tool kit. The kit, available for download at www.microsoft.com/security, includes an Internet Information Services software "lockdown tool" as well as service packs and hot fixes for both Windows NT and 2000 operating systems to help companies secure their servers.

The second phase of the initiative, Stay Secure, will include an automated security update service designed for more complex business networks, which will be available by the end of this year. Within 60 days, Microsoft also will start providing security roll-up packages through Windows Update, with each update requiring only one step and reboot to deploy.

Stay Secure will also expand Microsoft's recently revealed Secure Windows Initiative, a commitment to improve internal development processes and provide more secure software. The company says it has taken aggressive steps to eliminate buffer overruns, a common type of software vulnerability, from the next version of IIS. Future versions of IIS will also be shipped "locked down" by default, meaning certain functions of the software will be turned off. Customers will use a new wizard to customize and turn on only the software services they need for their businesses.

"It'll be interesting to see how customers react to Microsoft shipping IIS with a considerable amount of its functionality shut off," says Frank Prince, security analyst with Forrester Research. "Until now, Microsoft has been shipping IIS with all of the functionality up and running, and it let customers decide to increase security. Shipping it fully secure and asking customers to open it up is a completely different approach."

Because of the popularity of the company's products, "they have been walking around with a big target on their foreheads," says Pete Lindstrom, Hurwitz Group security analyst. "They've been working their tails off to help people get their systems more secure," he says of Microsoft's recent moves to tighten the security of its software.