Microsoft, under attack, aims to offer security

Two and a half years after launching its Trustworthy Computing initiative Microsoft is finding its products the target of escalating attacks, to the extent that some security experts are even warning that the company's Internet Explorer (IE) browser is simply not safe to use.

While the company has been trying to take these slings and arrows in its stride, claiming they are an unfortunate side effect of being a market leader and that it's doing all it can to defend itself, users seem to be looking for reassurance that Trustworthy Computing will pay off - and soon.

"They've launched this Trustworthy Computing campaign and they are still issuing all these patches. They shouldn't make things so complex.

When is it going to get better?" asked software developer Michael Kranawetter. He was interviewed on the floor of the recent Tech Ed conference in Amsterdam where about 6000 software developers and IT professionals gathered to hear the latest in Microsoft development news.

To be fair, Microsoft has been working hard to streamline its patching process, by releasing combined fixes when possible and delivering them on a monthly release schedule, for instance. It is also providing a free patching service and a centralised place for users to find fixes.

Besides improved patching, it is also moving to bolster the security of its desktop software, by turning off potential ports of attack and adding security features such as a firewall enabled by default, to help users protect their PCs.

Many new security improvements are due to be delivered with the much anticipated Windows XP Service Pack 2 (SP2), an update to the Windows XP operating system (OS), which is so jam-packed with fixes and features that installing it is said to be like a installing a whole new OS.

Microsoft executives have promised to deliver SP2 by "the end of [the Northern] summer" although Microsoft senior drector of Trustworthy Computing for Europe, the Middle East and Africa (EMEA) ,Detlef Eckert, said at Tech Ed that "summer ends in September this year".

"We have now realised -- to some extent, painfully -- that the security atmosphere has changed which is why we are putting so much effort into Service Pack 2," Eckert said. "Most of these new features would have blocked against recent attacks."

The company learned a great deal from threats like the Sasser Internet worm, he said, which wreaked havoc earlier this year by exploiting a disclosed hole in a component in Windows.

"We know we need to move ahead of the attack cycle and mitigate against specific attacks against applications," he said.

But while the company has been working to address users' security woes, it continues to come under attack from virus writers who clearly have a few tricks up their sleeves.

One of the latest attacks used websites running Internet Information Server (IIS) to launch malicious computer code, and prompted the company to release updates to its Windows 2000, XP and Windows Server 2003 software last week to help users fend off the attacks.

The company also said last week that it was planning to release a number of updates in coming weeks to shore up the security of IE.

The company's IE browser seems to have become target number one for virus writers. In one of the latest attacks against it hackers took advantage of a browser extension functionality to steal login information from banking sites.

Numerous vulnerabilities in IE, which holds more than 95 per cent of the browser market, have even prompted some security experts to warn against using the product all together, suggesting that users switch to options such as Opera, Netscape or Mozilla.

"It's safe to say that IE is not safe to use," director of antivirus research at F-Secure, Mikko Hypponen, said. "I don't use it and I know of companies that have banned it all together."

The US Computer Emergency Readiness Team, or US-CERT, also recently suggested that users reduce exposure to IE vulnerabilities by using a different browser.

Hypponen warned, however, that for many companies simply allowing users to switch to another browser was not the answer. "There are two nightmares a systems administrator can have," he said. "One is having security vulnerabilities and the other is having to support users who are all using different applications." Furthermore, many Net applications are tied to IE, so switching may not be a practical option for some.

But while not all software users are free to change platforms when threat levels gets high, some can. Microsoft doesn't seem too concerned about a mass exodus from its products, however, saying that if enough people moved to another brand of browser, for example, it would also come under attack.

"Other browsers have problems too,"Eckert said. "IE has just been widely used in attacks because it's number one."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Scarlet Pruitt

IDG News Service
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?