Microsoft used its annual Exchange conference last week to fight
back against accusations that it is weak on security.
The company has come under fire in recent weeks in the aftermath of
the damaging Code Red and Nimda worm attacks, which both hit the
same vulnerabilities in Microsoft's Internet Information Server
(IIS) software. Analyst group Gartner went as far as recommending
that companies look into replacing it with more secure server
software.
While at pains to point out that, as market leader, Microsoft
software will be the main target for virus writers, company
officials admitted that security was a problem.
To this end, the company launched a security initiative, called the
Strategic Technology Protection Program, which, it said, "marks an
unprecedented mobilisation of Microsoft's people and resources to
proactively assist customers of any size to secure their computing
environments".
Brian Valentine, senior vice-president of the Windows division at
Microsoft, said, "[Security] is a problem that affects the entire
industry, but we recognise there is more work to do. Effective
immediately, we are stepping up our efforts with the singular focus
of ensuring the security of our customers' networks and
businesses."
The first phase of the scheme, called Get Secure, will include free
virus-related product support and an online Security Toolkit that
includes a lockdown tool for Windows 2000 IIS.
A second, longer-term phase of the programme, called Stay Secure,
will provide customers with the tools, technologies and resources
they need to stay secure, said Microsoft. As part of this phase,
the company will deliver the next version of IIS locked down by
default, providing customers with an automated tool to customise
and secure the server software.
Kevin McCuistion, group product manager of Exchange at Microsoft,
said users also have a role to play in improving security.
"We are committed to working with customers, but users also need to
be proactive - patches that would have prevented the Nimda virus
were available for weeks before it struck," he said.
daniel.thomas@rbi.co.uk