Article

Microsoft security plan not likely viable for other companies

Niall McKay, Information Security magazine Contributor

Going to Microsoft for advice on security may seem like going to Little Red Riding Hood for advice on how to handle the Big Bad Wolf. Small wonder then that a document called "Security at Microsoft," detailing how the company protects its global network, raised some eyebrows among security watchers.

In fairness, the company gives a candid account of its risk management strategy and some of its previous weaknesses such as code vulnerabilities. The software giant admits that there is a "medium to high probability that within the next year, a successful attack will occur that could compromise the high value and/or highest value data class."

The document details how it secures its 300,000 computers and 4,200 servers from 100,000 attempts to break into its systems.

The document is seen by some as part of a new culture of openness regarding security within the company. Others, meanwhile, see it as marketing collateral rather than a serious security white paper.

"It's not that useful because it's a pretty formulaic approach," says Marc Maiffret, Windows expert and chief hacking officer at eEye Digital Security. "Microsoft is an unusual company. It's a lot more homogenous than most companies of a similar size, many of which run dozens of different systems."

Russ Cooper, surgeon general at TruSecure and moderator of the NTBugtraq security discussion list, said that the company could provide some really useful information, such as how it was

    Requires Free Membership to View

infected with Code Red what it did to get rid of it. Also, what it's doing to prevent further attacks worms and viruses.

"Its too vague a document to be useful," he said. "It really doesn't offer any specifics."


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: