[lit-ideas] Heads up, Microsoft Users
- From: JulieReneB@xxxxxxx
- To: lit-ideas@xxxxxxxxxxxxx
- Date: Tue, 20 Jul 2004 12:52:43 EDT
Looks like we're gonna have some fun....
http://story.news.yahoo.com/news?tmpl=story&cid=562&e=10&u=/ap/microsoft_s_sec
urity_struggles
Yahoo! News - Windows Security Upgrade Set for Launch
<<Windows Security Upgrade Set for Launch
By ALLISON LINN, AP Business Writer
SEATTLE - As Microsoft Corp. prepares to launch its biggest security upgrade
ever to Windows, dubbed Service Pack 2, the company is trying to strike a
difficult balance between making things safe and making things work.
It's a tough job that is eliciting grumbling from companies whose
applications could require major changes � and glee from security experts who
say any
software product that doesn't work wasn't secure enough in the first place and
needs to be fixed.
"I hope it breaks more things than it's already broken," said Russ Cooper,
senior scientist at TruSecure Corp.
That's because Cooper believes the free SP2 update, which will be released
next month, is badly needed in the ever-rowdier world of Internet-connected
computing â?? and a good wake-up call for other companies that also need to
improve
security functions.
"The applications that will break with SP2 were essentially doing things
wrong from a security perspective," said John Pescatore, vice president of
Internet security at Gartner Research.
SP2 comes in response to a series of attacks that have plagued the software
giant's products, taking advantage of vulnerabilities to spread viruses, steal
personal information and otherwise wreak havoc.
Some companies rushing to make their applications compatible â?? or trying to
negotiate last-minute Microsoft changes â?? complain that SP2 is creating
headaches.
"The changes Microsoft is proposing for SP2 will have serious negative
consequences on the consumer experience of many applications and Web sites,"
RealNetworks spokeswoman Erika Shaffer said. The Microsoft rival makes a
digital
music and video player and sells subscription download services.
The new system bolsters security on Windows, its built-in Internet Explorer
browser and Outlook Express e-mail. Among the changes, a Windows Firewall will
automatically be turned on, helping to guard against attack. The browser has
been fortified, and a new attachment manager will offer tougher policing
against e-mail-borne attacks.
As a vice president at security software leader Symantec Corp., Matthew
Moynahan applauds Microsoft's effort to make Windows safer from attack. But
Moynahan is not so excited about the flood of help-desk calls almost certain to
come
when Microsoft releases a comprehensive security overhaul of Windows XP (news
- web sites) next month.
To make the new Microsoft system work smoothly with Norton, customers will
need to download a Norton update. The company is already bracing for the
change,
working with its customer support staff and making plans to increase phone
support.
Symantec's Norton antivirus software runs on about 100 million desktop
computers.
"We don't want consumers to panic," Moynahan said.
The changes in the way Windows polices itself â?? particularly the newly
strengthened firewall â?? could cause troubles for applications that are used
to
working with Windows' old ways. Some say that's particularly true of
applications
that regularly interact online, such as gaming programs or music services.
Security experts say it's tough to know how many companies may have to change
their products to be compatible.
The company has delayed SP2's release, originally scheduled for June, amid
efforts to improve compatibility. Microsoft group product manager Barry Goffe
says the "vast majority of applications" should function properly when SP2
comes
out.
In the end, analysts believe most consumers will avoid major problems because
most companies that have problems will fix them by the time SP2 is released.
Gartner Research estimates that a mere 3 percent of applications that run on
Windows won't work once SP2 is out.
But Microsoft's Goffe says corporations running customized applications could
have more complex problems, requiring them to specially configure SP2. Many
legitimate corporate programs depend on just the type of interactions that
would also alarm the security system.
It could take months for businesses to adopt the upgrade.
In the end, Cooper expects most corporations will run a very scaled-down
version of SP2, both because they want to avoid compatibility problems and
because
it could be a nightmare to manage things like personal firewalls on thousands
of desktops.
Still, many big businesses are likely running separate security applications
as well.
Perhaps the biggest change with SP2 will be a host of new alerts the user
will suddenly get, offering more detailed information about what programs are
trying to contact the computer and giving the user more chances to accept or
decline.
Macromedia Inc.'s Flash technology required only minor technical changes to
make it compatible with SP2. But the company was more concerned about early
language in these warnings that could make even legitimate interactions seem
scary and unwise.
David Mendels, Macromedia's senior vice president in charge of developer
products, said Microsoft was very responsive to its concerns. Now, he said the
prompts are less dire and more specific.
Microsoft's own products are not immune. Joe Wilcox, a senior Jupiter
Research analyst who is testing an early version of SP2, recently was blocked
from
using Microsoft's Office Live Meeting conferencing product. Although he could
have overridden that, Wilcox instead skipped the online option and called on a
regular phone.
Wilcox sees this as a victory for Microsoft, because it changed his behavior
and kept him from exposing his computer to potential risk.
To Pescatore, such inconveniences are worth it.
"From a security perspective, the problems we've been having â?? these worms
and such â?? we can often blame on thing that need to be fixed in Windows,"
Pescatore said. "So when Microsoft finally gets around to fixing them, it's
going to
take some pain to get past that point.">>
------------------------------------------------------------------
To change your Lit-Ideas settings (subscribe/unsub, vacation on/off,
digest on/off), visit www.andreas.com/faq-lit-ideas.html
Other related posts:
- » [lit-ideas] Heads up, Microsoft Users
