'Threat fatigue' an ever-present danger for IT

Software vulnerability ratings have a lot in common with terror threat levels. If the level rises too high too often, "threat fatigue" sets in. And the consequences can be disastrous if people become complacent.

So, for companies such as Microsoft, there's a delicate balancing act between sounding a legitimate alarm and sounding like the boy who cried wolf. This week, Microsoft erred by downplaying a threat to its Outlook mail client, but quickly corrected itself when presented with evidence that the flaw merited a "critical" label.

On Tuesday, as part of its monthly patch-release schedule, Microsoft issued three fixes. In that original notification, Microsoft called the flaw in some versions of Outlook merely "important." It appeared at first that the flaw could be exploited only by targeting those who use the Outlook Today folder as their default homepage. However, Finnish security researcher Jouko Pynnonen successfully made the case to Microsoft for "critical" because, he said, a hacker could use two "mailto" URLs to ultimately launch Outlook Today and insert malicious code.

Give Microsoft credit for giving Pynnonen credit.

Climbing the management summit

If you're unclear on Microsoft's latest management-software concept, you're probably not alone. Redmond has talked about unifying its desktop management product (Systems Management Server) and server management product (Microsoft Operations Manager) under one roof. Called System Center, the combined offering will offer single-console control of both desktops and servers.

Some users, however, are concerned about possible admin turf wars that might be caused by a unified approach, and they are also confused about how Microsoft plans to license the product. Microsoft management guru David Hamilton has already said there will be some "functional independence" between SMS and MOM, but look for Redmond to clarify its plans on this issue -- and several related ones -- at next week's Microsoft Management Summit in Las Vegas.

Many say that the new Can Spam Act will do little to stop spammers. We'll soon find out. This week, Microsoft and three other top Internet service providers jointly filed the first lawsuits under the new federal spam-prevention law, which prohibits spammers from obscuring their identities and using other deceptive e-mail practices. Six suits were filed by the four ISPs in federal courts in four states. Let the litigation begin.

On Wednesday, news broke that Microsoft will put Yukon -- the next version of its SQL Server database -- on the shelf until the first half of 2005. The product will be delayed while a third round of beta-testing takes place, which some speculate may be needed to work out some security kinks. In a related development, Whidbey, Microsoft's project label for its newest Visual Studio developer tools, will also see its release pushed back to the first half of 2005.

Army commands put on notice

The U.S. Army issued a couple of Microsoft-related orders this week. In the first instance, Army brass told their civilian employees to stop accepting free copies of Office 2003. (Microsoft commonly gives away some copies of new software to big customers.) By accepting the "gift" copies of the productivity suite, which retails for about $500, those federal workers may be violating ethics rules, the Army said.

Also this week, the service branch issued a directive to all of its commands to start phasing out Windows NT 4.0 systems. By 2005, the Army expects that all active duty, National Guard and Reserve commands will be on either Windows 2000 or a newer version of the operating system.

Good news for Windows administrators was tucked into a new CIO spending report by Robert Half Technology Inc. The Menlo Park, Calif.-based firm said that 79% of the CIOs it polled had a demand for IT professionals with Windows (NT/2000/XP) administration skills. Also in high demand were SQL Server administrators, who were coveted by 39% of the respondents.

FOR MORE INFORMATION:

Microsoft upgrades Outlook flaw to critical

Microsoft's management vision coming into focus

Microsoft: Yukon needs more testing

Microsoft, others sue under antispam law

Army to drop older Windows

Dig deeper on Windows Server and Network Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close