- Cool Yule Tools: 2008 Holiday Gift Guide
- 10 kitchen gadgets for the geek gourmet
- Google admits to violating iPhone development terms
- Smartphone smackdown: Storm vs. iPhone
- Google layoffs: 10,000 jobs being cut
In the wake of a widespread Internet worm, Microsoft is weighing options to get more users to secure their computers, including automatically applying security patches to PCs remotely.
"We are looking at a range of options to get critical updates on more systems, from finding ways to encourage more people to keep their systems up to date themselves to where it is done automatically by default for certain users," says Matt Pilla, senior product manager for Windows at Microsoft.
Microsoft does not plan any immediate changes to the way it delivers security patches, but the company also does not intend to wait until the release of its next operating system to improve it, Pilla says.
"This is a priority for us. There are a lot of things we can do during the Windows XP time frame to help people make their PCs more secure," he says. The successor to XP, code-named Longhorn, is expected to be out in 2005 or 2006.
Microsoft delivers software patches through its Windows Update Web site and through update software in XP, Windows 2000 and ME. The software does not download and install patches by default, but asks a user to select from various options, including alerts when an update is available.
"Giving the user the ability to control auto update is important to us," Pilla says. "One of the things we are working on is a balance between keeping systems up-to-date and giving users the control over their systems."
On July 16, Microsoft issued a critical security update that fixes a serious security vulnerability in Windows. The company urged customers to patch. Many apparently ignored the warning; the Blaster worm that started spreading weeks later was able to infect hundreds of thousands of computers by taking advantage of the vulnerability.
Russ Cooper, surgeon general of TruSecure and moderator of the discussion list NTBugtraq, is an outspoken critic of Windows Update. Nevertheless, he is in favor of automatically delivering security updates.
"I think it is a great idea, they should have done it ages ago," he says. "We will scrutinize the way they do it. I applaud them for being willing to be put under such a microscope for something they believe the world does not trust them to do."
Microsoft has no choice: It has to take patching in its own hands, says Rob Enderle, principal analyst at Enderle Group. "They absolutely have to create a program where patches are applied automatically," he says.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment