NEW ORLEANS -- Microsoft chief executive officer Steve Ballmer today laid out a broad plan to improve security for the Windows platform.
Speaking at Microsoft's Worldwide Partner Conference, Ballmer said he believes there will be as much innovation in the next 10 years as there was in the last 10 years. But high-tech innovation is being hampered by pressure to focus enormous amounts of attention on security issues, he said.
Ballmer acknowledged that the quality of Microsoft patches and the patching process itself is inconsistent, and he said that customers need best practices for patch management because they're simply overwhelmed with the sheer number of vulnerabilities in their systems.
"Has Trustworthy Computing worked?" he asked rhetorically. "I feel it has, but we have a lot more to do."
During his keynote, Ballmer also laid out ways to improve patching, offered information about Redmond's new guidance and training initiatives and talked about ways to mitigate vulnerabilities without having to patch vulnerable machines.
Ballmer said that, by May, the number of patching tools will be reduced to one. He said that patch quality will be improved and that patches will be given rollback capability. Also, new patching technology will be added that cuts the size of patches by 30% to 80%. He also promised there will be between 10% and 30% fewer system reboots required in the patching process.
In addition, Microsoft will offer a single place on Microsoft.com to find patches and patch information. Also, version 2.0 of Software Update Services (SUS), Microsoft's free patch deployment tool, will be available in the first half of 2004.
Some other highlights of the keynote include:
-- Microsoft will extend security support until June 2004 for Windows 2000 Service Pack 2 and Windows NT 4.0 Workstation Service Pack 4.
-- The company will begin putting out patches on a monthly basis, except in cases where emergency patches are necessary.
-- In December, Microsoft will kick off security seminars for customers and partners to provide education and security training. There will be monthly Microsoft security webcasts, as well as security seminars at the coming Professional Developers Conference.
-- Microsoft plans to launch a Web site dedicated to security issues.
Microsoft will also deliver a series of what it calls inspection technologies, which include several enhancements:
-- Improvements will be made to Microsoft's firewall technology -- admins will have the added ability to centrally manageme user access, for example.
-- Microsoft will deliver technology to better filter e-mail and instant messages.
-- In its Web browser, Microsoft will ensure that users cannot run ActiveX controls from Web sites that are not designated as trusted.
-- Microsoft will improve memory protection to "lock" memory so that worms and exploits can't write to bad pieces of memory (in buffer overflows).
-- Microsoft will move XP Service Pack 2 into beta by the end of the year, with a release-to-manufacturing date in early 2004. Windows 2003 Service Pack 1 will follow the client by a few months, Ballmer said.
FOR MORE INFORMATION:
Best Web Links: Patches