Microsoft announces security changes in fight against hackers

Microsoft has stepped up the fight against hackers by unveiling a series of measures designed to make its products more secure.

Microsoft has stepped up the fight against hackers by unveiling a series of measures designed to make its products more secure.

Following the spate of viruses and hacking attacks earlier this year, the software giant last week outlined three measures to address concerns that its products are too vulnerable to security breaches.

The first measure Microsoft will introduce is to reduce the frequency of publishing "non-critical" security notices from a weekly to monthly basis.

It also plans to re-engineer its Windows operating system to make it less vulnerable to buffer overflow attacks - the most common form of hacking - and to make it easier for companies to install firewalls.

The moves are part of Microsoft's Trustworthy Computing initiative to improve IT security.

In a keynote speech to Microsoft's worldwide partner conference in New Orleans last week, chief executive Steve Ballmer said, "Our commitment is to protect customers from the growing wave of criminal attacks."

Microsoft chief security officer Stuart Okin said the company would release security notices once a month, compared to updating users every Wednesday evening to give end-users more time to apply a patch.

In a bid to reduce the damage caused by buffer overflow errors, Microsoft planned to make significant changes to the way Windows handles memory manage-ment. In the service pack for Windows 2003, due out this quarter, Okin said Microsoft has rewritten memory management to use a feature in PC processors that alerts the operating system to a buffer overflow.

The final change is to firewall software for Windows XP users. Although internet firewall software is provided, Okin said many corporate users avoid it as it cannot be controlled centrally. This limitation has now been removed.

Butler Group analyst Mark Blower welcomed the developments. "Anything Microsoft can do is progress," he said, but he was concerned that the new memory management features could break existing applications.



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:




  • Dissecting the Hack

    In this excerpt from chapter three of Dissecting the Hack: The V3RB0TEN Network, authors Jayson E. Street, Kristin Sims and Brian...

  • Digital Identity Management

    In this excerpt of Digital Identity Management, authors Maryline Laurent and Samia Bousefrane discuss principles of biometrics ...

  • Becoming a Global Chief Security Executive Officer

    In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, ...