A study by PricewaterhouseCoopers has shown
that three-quarters of UK businesses, hampered by skill shortages
and a lack of investment in security, are condemned to security
breaches.
IT users worldwide are being targeted in educational campaigns
by technology heavyweights such as Microsoft, which claimed it can
only do so much to reduce security threats without more user
co-operation.
Jonathan Perera, Microsoft's senior director of product
management in the Security Business and Technology Unit and speaker
at the InfoSecurity Europe 2004 conference in London, called it
"the grey matter bug": users clicking on buttons they should not,
inadvertently downloading viruses and unknowingly opening the door to
other security breaches.
Microsoft is fighting this particular bug through broad
educational campaigns, targeting both IT students by supplying
educational materials for IT security course work, and end-users
via its software.
"I think we can use software to educate users about software
security," said Perera. That is what the company is planning to do
with Windows XP Service Pack 2, due out later this year, he
added.
Service Pack 2 will include prompts to help users establish
firewalls, block pop-up ads and update anti-virus software.
"We want to reduce the attack surface of our products," he
said.
Microsoft chairman and chief software architect Bill Gates
recently outlined moves to isolate threats and increase product
resiliency and quality, as well as broad educational efforts.
The company is also working with an increasing number of
third-party software suppliers and security researchers to reduce
security threats.
David Litchfield, managing director of Next Generation Security
Software (NGSS), said that Microsoft is doing an enormous amount to
improve the security of its products.
NGSS is working with the company to detect and analyse potential
threats. Two and a half years into its Trusted Computing
initiative, Microsoft has cited a fall in the number of critical
and important security bulletins it has released as proof that the
measure is working.
Windows Server 2000 had 42 critical and important security
bulletins, whereas Windows 2003 has had 13, Perera said.
While Microsoft looks to end users to help further reduce
threats, there is still user frustration over having any security
bulletins at all, since patching systems costs large amounts of
time and money.
"Microsoft needs to do more," said conference attendee Richard
Holt, who works in IT support for a London company. "Each patch is
a headache."
Scarlet Pruitt writes for IDG News Service