Comment Articles

Model security from Microsoft?

Published: 12 Mar 2004 11:55 GMT

In three months, Microsoft users will finally reap the benefits of the company's new focus on security. The release of the second major update to Windows XP answers many long-standing design criticisms of its operating system.

But this was not a pain-free learning exercise. Indeed, Microsoft paid a steep price in the coin of user dissatisfaction -- and in some cases, lasting mistrust.

In September 2001, the Nimda worm spread throughout networks worldwide, leading corporate customers -- including many financial firms -- to chastise Microsoft for failing to plug vulnerabilities in its code.

Two years later, the MSBlast worm and a variant of the program infected Windows computers and corporate networks, once again bringing consumer and corporate wrath on the company. But the attacks also compelled Microsoft to rethink how its provision of improved security.

Nimda resulted in the Trustworthy Computing Initiative, which is a companywide programme designed to prod Microsoft's development teams toward producing more secure code.

In the aftermath of MSBlast, Microsoft has refocused on security for its next update to the Windows XP operating system, Windows XP Service Pack 2. The changes feature an improved firewall, the ability to turn off pop-up ads and ActiveX controls in Internet Explorer and a control panel that will display the current state of a PC's security.

"One of the things that we really learned after August and Blaster is that... it is not enough to have the technology there; it has to be accessible as well," said Neil Charney, director of product management for Microsoft's Windows Client Group.

The aim is to bring ease-of-use concepts to security. The Windows Security Centre will have a simple set of status displays, showing whether the PC is protected by a firewall and has the most recent patches. It will also make sure that the antivirus software is turned on and updated. Users also will be urged to turn on the basic security protections.