I was pleased to see several new initiatives from Microsoft, which should help us all improve our patch management and underlying security, including:
- Monthly patch releases.This initiative is immensely helpful,giving us much more sanity in applying patches.
- Smoother use of Windows Update Web site. Rank-and-file users can understand this site far better than in the past and easily keep their machines up to date.
- Integration of security features into compilers and operating systems. I'm very excited about the new buffer-overflow defenses that Microsoft is releasing. One element that could be quite interesting is the stack protection that will be built into Windows XP Service Pack 2.
- Offering a bounty for virus and worm writers. Although this highly controversial move of paying cash to people who turn in malware authors, I welcome it. If Microsoft wants to spend its money this way, I'm all for it. Let's get the bad guys, or at least make it much more likely that they'll get found and punished.
These elements are very promising. Visit here for more details on them. Still, Microsoft isn't perfect, and there are many vulnerabilities yet to be discovered and fixed. Let's give credit where it's due -- for finally moving in the right direction!
For more info on this topic, visit these SearchSecurity.com resources:
Pre-register for this LIVE webcast on Feb. 17 at 1 PM ET: Expert's guide for effective patch management
Information Security magazine February 2004 Expose: A Patch in Time
Information Security magazine February 2004: Patch management tools
Featured Topic: Best practices for patch management
Featured Topic: Microsoft's Trustworthy Computing Initiative
|
