Earlier today, Microsoft announced a far-reaching set of Windows
security initiatives, as summarized in the company's press release at
<http://www.microsoft.com/presspass/press/2003/oct03/10-09SecurityInvestmentspr.asp>.
Highlights:
- Building new protections against attack into Windows XP
and Windows Server 2003:
The new technologies for Windows XP, for example, "will
focus on protections against the four types of attacks
that constitute the largest percentage of threats:
port-based attacks, e-mail attacks, malicious Web content
and buffer overruns."
For instance, as Microsoft's CEO Steve Ballmer noted in a speech about
these initiatives today:
>One of the things that has been a big issue for us is buffer
>overruns ... There's new technologies that will help us essentially
>lock that memory so that worms and exploits can't write into bad
>pieces of memory after a buffer-overrun problem.
The new technologies for Windows Server 2003 will include role-based
security configurations, as well as intranet and remote access
connection client "inspection" technologies, which, in Ballmer's
words, will:
>provide shields or safety measures that essentially block off an
>infected remote client or a laptop that comes back into the
>environment after it's been out and been exposed. ... any system
>that gets introduced is inspected and you can refuse to allow it on
>the network if it doesn't pass health inspection. So a VPN system or
>a laptop system can be inspected before you let it back on the
>network, before it infects anybody ..."
The new "safety technologies will first ship in
Service Pack 2 for Windows XP, planned for the first
half of 2004, and subsequently in the Service Pack 1
for Windows Server 2003."
- Kinder and gentler patches
- Moving "to monthly patch releases, which will reduce
the burden on IT administrators by adding a level of
increased predictability and manageability."
- "Introducing rollback capability for all new patches"
- "Reducing downtime by requiring 30 percent fewer
reboots during deployment ..."
- "Consolidating the number of patch installers to two for
Windows 2000-generation products by the first half of 2004."
- "Extending security patch support for Windows NT(R)
Workstation 4 Service Pack 6a and Windows 2000
Service Pack 2 through June 2004."
- New tools for patching
These tools will include Microsoft's "free Software Update
Services 2.0, which will be released in the first half of
2004 and will provide a seamless patch, scanning and
installation experience for Windows, SQL Server(TM),
Office, Exchange Server and Visio(R)."
- New security seminars and training courses
These include:
- "TechNet Security Seminars beginning later
this fall [2003] at no charge to customers."
and
- "Monthly security webcasts beginning in November [2003]."
Aron Roberts
Workstation Software Support Group
P.S. Steve Ballmer's speech introducing these initiatives is at:
http://www.microsoft.com/presspass/exec/steve/2003/10-09wwpc.asp
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.
Received on Thu Oct 9 16:01:43 2003
This archive was generated by hypermail 2.1.8 : Thu Oct 09 2003 - 16:01:44 PDT