This article can also be found in the Premium Editorial Download "Information Security magazine: Identity crisis solved: Tips from a top identity management expert."
As part of Microsoft's Trustworthy Computing initiative, many of its new and forthcoming products have security integrated in their feature sets.
SQL Server 2005 (Released: November 2005)
Newer Platforms = Better Security
For the broad market, securing Windows against vulnerabilities might mean spending the money to get on the newer platforms, such as XP SP2 or Windows Server 2003 SP1.
There was recent evidence in 2005 with the Dasher and Zotob worms. Customers on XP SP2 were not hit, says Harry Waldron, a Microsoft Most Valuable Professional (MVP) and IT manager at a major insurer. "These are the fruits of TwC. Some of the outbreaks impact only older technologies."
Microsoft will make the overall installed base more secure where feasible, Nash says. Microsoft's new antispyware software, Defender, for example, will be built into Vista, but will also be available for Windows 2000 and XP.
Earlier OSes, like Windows 98 and ME, are architectures built before Microsoft understood the Internet. "We do know that there are a lot of customers running older platforms, and it's important to help them be secure," says Fathi. "A lot of the work we are doing for Windows Vista will be made available down-level for older platforms."
For large IT shops, this is welcome news. Moving to the latest versions of software is always challenging because most companies are unable to roll out new copies of an OS right away.
"I sure hope it will help to be on Vista," National Gypsum's Thomas says. "But for us, Vista is a long way out. We have XP SP2, but it's the best we can do for now, and exploits still come out."
The Threat Is Everywhere
Of course, IT experts can't just study their software and perimeter security tools to be sure their systems are locked down. A huge threat today comes from the inside.
Cybercriminals have sometimes taken jobs in banks just to get access to the systems--even the cleaning staff might be a security breach, warns Allan Pomerantz, chief security officer at the Philadelphia Stock Exchange. "Today someone can walk into your shop with an iPod--with its 60 gig capacity--jack it into your computer and download your entire customer database," he says. "Memory sticks fit into everything--someone can use one to inject a Trojan into your computer."
Customers have to get used to using policy restrictions and non-Windows security devices to help balance risks and recognize that there will always be potential for another security breach.
Some of Microsoft's strongest feedback through the years has come from its MVPs. These subject-matter experts have insisted that Microsoft deliver security improvements in its next-generation desktop and server technologies. But Microsoft isn't the only company that has to step up.
"The industry has always recognized the need for improvement," says MVP Waldron. "Microsoft, or anyone, will get there. We've all got to stay one step ahead of the bad guys."
This was first published in May 2006