[ISN] Microsoft Renews Its Commitment to Security Education

From: InfoSec News (isn@private)
Date: Tue Mar 16 2004 - 23:36:22 PST

  • Next message: InfoSec News: "Re: [ISN] Symantec: Boom Times For Hackers"

    http://www.microsoft-watch.com/article2/0,1995,1549876,00.asp
    
    By Mary Jo Foley 
    March 16, 2004 
    
    Company execs reiterate security roadmap; talk up forthcoming
    'Security Summit' roadshow.
    
    If you lead customers to the security trough, will they drink?
    
    Microsoft seems convinced they will. And the company is pulling out
    all the stops to continue to educate its users, reasoning that a more
    educated customer base will be a more secure customer base.
    
    Mike Nash, corporate VP in charge of Microsoft's security business and
    technology unit, reiterated in a Web cast on Tuesday Microsoft's plans
    to continue to deliver security-assessment and vulnerability-analysis
    tools as part of its educational outreach.
    
    Nash also told Web cast participants that Microsoft will release for
    download on Wednesday, March 17, a new scripting capability for its
    Microsoft Baseline Security Analyzer 1.2, a product which performs
    scans of Windows systems for security misconfigurations. The new
    scripting tool will allow users to scan an unlimited number of
    computers or IP addresses from a single input file.
    
    Nash said Microsoft is sticking to its current security-product
    timetable. In the first half of this year, the company will roll out
    its Windows XP Service Pack 2 release. (A broad-scale beta of SP2 is
    expected imminently.) It also will deliver the final release of its
    Internet Security and Acceleration 2004 product before mid-year, Nash
    said.
    
    In the second half of this year, Microsoft will deliver its first
    service pack for Windows Server 2003; its Windows Update Services
    (formerly known as Software Update Services) 2.0 release; its
    Microsoft Update patch-catalog technology; and other, unnamed security
    "enhancements."
    
    Some time in the future — Nash did not specify any dates — Microsoft
    will deliver its Exchange Edge Services, Next Generation Secure
    Computing Base (formerly code-named "Palladium") and its Active
    Protection technologies, he said.
    
    Active Protection technologies take the XP SP2 security enhancements
    to "the next level," according to Microsoft officials. The company
    first outlined its plans for Active Protection at the RSA conference
    last month. The first of these technologies are expected to debut as
    part of the Longhorn Windows client, which is expected to ship in
    2006.
    
    Active Protection describes three groups of technologies that
    Microsoft is devising to run across Windows desktops and servers.  
    Dynamic-systems-protection technologies are those which will monitor
    changes in machine state, and will automatically open and shut ports
    to lock down systems. Behavioral-blocking technologies are those
    designed to limit the impact of worms and viruses by blocking risky
    user behaviors (like clicking on a .exe file sent via e-mail). And
    application-aware firewall and intrusion-prevention technologies will
    take the security settings in the existing Windows firewall a step
    further.
    
    
    Security Summit Roadshow Coming to a City Near You
    
    During Tuesday's Web cast, Nash reiterated the commitment made last
    fall by CEO Steve Ballmer to "reach, train and educate in security
    over 500,000 people within the next 12 months." Nash said Microsoft
    will achieve this goal by the end of calendar 2004.
    
    Microsoft is planning a two-month traveling "Security Summit" roadshow
    that will kick off April 6 in New York City. The summits offer in a
    day much of the same security content that Microsoft has made
    available over the past few months in its Web casts and online chats.
    
    Microsoft is offering Security Summit attendees a choice of a
    developer track or an IT Professional track. And all attendees will
    receive a free "Microsoft Security Guidance Kit," which is a DVD full
    of tools for assessing security and helping to mitigate existing and
    future security threats, according to the company.
    
    Different Microsoft executives are slated to keynote the summit in
    different cities. Among those on the docket, in addition to Nash:
    
    
    * Rick Devenuti, Corporate Vice President, Chief Information Officer
    
    * Scott Charney, Chief Trustworthy Computing Strategist
    
    * Richard Kaplan, Corporate Vice President, Content Development and
      Delivery Group
    
    * Brian Valentine, Senior Vice President, Windows Core Operating
      System Division
    
    * Tom Button, Corporate Vice President, Windows Client Product
      Management Group Division
    
    * Simon Witts, Corporate Vice President, Enterprise and Partner Group
    
    (This article includes content from the March 4, 2004, issue of the
    Microsoft Watch newsletter.)
    
    
     
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Wed Mar 17 2004 - 02:15:31 PST