Microsoft Beefs up Online Security Offerings
Perhaps no company in the industry is working harder than Microsoft at making sure the public knows what steps to take to secure its products.
If your servers aren't properly patched and your systems
secured, it's getting harder and harder to blame Microsoft. Perhaps no
company in the industry is working harder at making sure the publicboth
IT and at-largeknows what steps to take to secure its products.
One of the latest offerings is a monthly security newsletter,
the first issue of which appeared last December. The newsletter is packed
with relevant, crucial information. One example: A Q&A section asks
the question "I received an e-mail telling me I should remove the
Teddy Bear virus that is contained in a file named jdbgmgr.exe. Should
I follow these instructions?" The file is a Microsoft java debugger
file, and shouldn't be removed.
Another nifty section at the end of the newsletter details
upcoming end-of-support dates for various products. For instance, support
for a number of products still likely to be on many networks, including
Access 97, Word 97, Excel 97 and Office 97, and FrontPage 98 and Outlook
98, had their support cut off just a few weeks ago, on Jan. 16.
The December 2003 issue also included a detailed explanation
of security enhancements in Windows XP SP2, expected mid-year. You can
subscribe to the security newsletter at http://microsoft.com/technet/security/secnews/newsletter.htm.
"We have received a very positive response to the no-nonsense
tone and content of the security newsletters," according to Debbie
Fry Wilson, director of the Microsoft Security Business Unit. She said
there are 8,000 subscribers for the business newsletter and 13,000 subscribers
for the home user newsletter.
Another recent addition to Microsoft's Web site is the "IT
Pro Security Zone", found at http://www.microsoft.com/technet/security/community/default.mspx.
"The Zone," as it's called, acts as a clearinghouse for security-related
information. Links take you to the most active security newsgroup discussions;
upcoming chats and events, including Webcasts (a recent one in January
discussed security enhancements for IIS 6); patch management best practices
and Software Update Services (SUS) information; the most popular security
downloads and Knowledge Base articles; and more.
And then there's the security page every MCP working in the
field should have bookmarked, http://www.microsoft.com/technet/security/default.asp.
The main TechNet security page is the place many security folks start.
It's been significantly enhanced in recent months. There's a search function
specifically for security bulletins. You can search using a variety of
criteria, including by product/technology and service pack, severity or
It's true that Microsoft has deserved much of the blame it's
gotten for shoddy security in the past. If that's the case, it's equally
important that Microsoft get credit for its important, thorough work in
producing new tools and increasing informational awareness that help IT
vetsas well as grandmasecure their data and assets.
Keith Ward is the editor in chief of Virtualization Review.