News

Microsoft Beefs up Online Security Offerings

Perhaps no company in the industry is working harder than Microsoft at making sure the public knows what steps to take to secure its products.

• By Keith Ward
• 01/29/2004

One of the latest offerings is a monthly security newsletter, the first issue of which appeared last December. The newsletter is packed with relevant, crucial information. One example: A Q&A section asks the question "I received an e-mail telling me I should remove the Teddy Bear virus that is contained in a file named jdbgmgr.exe. Should I follow these instructions?" The file is a Microsoft java debugger file, and shouldn't be removed.

Another nifty section at the end of the newsletter details upcoming end-of-support dates for various products. For instance, support for a number of products still likely to be on many networks, including Access 97, Word 97, Excel 97 and Office 97, and FrontPage 98 and Outlook 98, had their support cut off just a few weeks ago, on Jan. 16.

The December 2003 issue also included a detailed explanation of security enhancements in Windows XP SP2, expected mid-year. You can subscribe to the security newsletter at http://microsoft.com/technet/security/secnews/newsletter.htm.

"We have received a very positive response to the no-nonsense tone and content of the security newsletters," according to Debbie Fry Wilson, director of the Microsoft Security Business Unit. She said there are 8,000 subscribers for the business newsletter and 13,000 subscribers for the home user newsletter.

Another recent addition to Microsoft's Web site is the "IT Pro Security Zone", found at http://www.microsoft.com/technet/security/community/default.mspx. "The Zone," as it's called, acts as a clearinghouse for security-related information. Links take you to the most active security newsgroup discussions; upcoming chats and events, including Webcasts (a recent one in January discussed security enhancements for IIS 6); patch management best practices and Software Update Services (SUS) information; the most popular security downloads and Knowledge Base articles; and more.

And then there's the security page every MCP working in the field should have bookmarked, http://www.microsoft.com/technet/security/default.asp. The main TechNet security page is the place many security folks start. It's been significantly enhanced in recent months. There's a search function specifically for security bulletins. You can search using a variety of criteria, including by product/technology and service pack, severity or release date.

It's true that Microsoft has deserved much of the blame it's gotten for shoddy security in the past. If that's the case, it's equally important that Microsoft get credit for its important, thorough work in producing new tools and increasing informational awareness that help IT vets—as well as grandma—secure their data and assets.