Microsoft pledges to beef up security

Microsoft has reinforced its commitment to improving security features amid rising user concern and problems that continue to...

Microsoft has reinforced its commitment to improving security features amid rising user concern and problems that continue to plague Internet Explorer and Passport.

The company is responding to worries about security, including most recently a vulnerability in IE's cookie-based scripting for which it issued a patch last November.

The flaw allowed potential hackers to break in and take control of a system that lacks the patch, said Erin Cullen, product manager of .Net Services at Microsoft.

"We're going to take a more proactive stance toward security," Cullen said, explaining that in this case Microsoft for the first time sent out notices about the patch to Passport users.

Cullen added that Microsoft also plans to issue more patches and that more information will be posted to Microsoft's Web site, such as best practices. "We need to better communicate [security issues] with our customers," she said.

Cullen's comments echo those of Craig Mundie, chief technology officer of Microsoft's advanced strategies and policy unit, who told InfoWorld in November that the company is switching its bias to "safety and security first".

But while Microsoft wrestles internally with the security issue, users and analysts report that customers have little choice but to keep using Microsoft software.

"At this point, Microsoft is so entrenched it would take something more significant than these recent security issues to get people to drop Microsoft - unless Microsoft doesn't react quickly, but it looks like they are," said Shawn Willett, a principal analyst at Current Analysis.

Peter Urban, an analyst at AMR Research in Boston, said that even though Microsoft has security problems, living with them is often financially less expensive than instituting new software.

"People have the Microsoft software implemented, and they're not going to rip it out for something else; that's just too expensive," Urban said.

Analysts said that the way things are shaping up, Microsoft may be able to leverage the dominance it has with desktop operating systems and browsers to boost acceptance of its Passport authentication service, thereby giving it a leg up in the Web services race.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.