Microsoft Responds to Hacker Attacks

Microsoft Corp. launched a new security initiative as it tries to allay a growing fear among industry insiders that its products are too prone to malicious hacker attacks.

The program’s release comes on the heels of a recommendation by analyst firm Gartner Research that enterprises migrate from Microsoft’s IIS Web server to competitive offerings like Apache or Sun Microsystems’ iPlanet. Gartner believes IIS, which was the target of the recent Code Red worm and Nimda virus, will continue to be hit by such attacks until Microsoft releases a new thoroughly-tested version of the software.

Under its new security offering, called the Strategic Technology Protection Program, Microsoft has vowed to take steps to ensure the next version of IIS is more secure. "As an industry leader, Microsoft recognizes it has a special obligation to help ensure the security of the Internet and our customers' data," said Brian Valentine, senior vice president of the Windows Division at Microsoft in a statement. "This is a problem that affects the entire industry, but we recognize that there is more work to do.”

The first part of Microsoft’s two-part program will provide customers a suite of security tools, one of which will be a lockdown device for IIS. Meanwhile, Microsoft has decided to release the next version of IIS locked down by default.

For Microsoft, establishing a solid reputation on the security front is of critical importance to the ultimate success of some of its .NET-related programs, namely Passport. Passport is in the midst of major battle with similar offerings from Sun and AOL to become the dominant solution for authentication and authorization on the Web.

“There is a swelling worldwide crisis-of-confidence in the Internet as the collaboration medium for the coming years. We, together with each of our customers and partners, and the industry as a whole, have a vested stake in stemming that sentiment,” said Valentine.

Part one of the Strategic Technology Protection Program is called Get Secure and entails the mobilization of Microsoft’s account managers and field staff to help customers eliminate security issues; free customer support; and a new security toolkit. The toolkit, which can be downloaded at www.microsoft.com/security/, includes a number of service packs and hot fixes for Windows NT 4.0 and Windows 2000.

The second part of the program, Stay Secure, will include security roll-up packages for consumers and businesses, as well as an expansion of the Secure Windows Initiative, which is a program Microsoft introduced at the RSA Conference in April of this year.

For more coverage of Microsoft in the enterprise, visit www.entmag.com