Microsoft is involved in security in two ways. Of course, security is an integral element of the software it sells. The company also is a vendor of discreet security products and services to the consumer and professional sectors. On both fronts, it seems that the company's positive momentum continues.
TechWorld offers an update on Microsoft retail security initiatives. Its managed service to consumers is called Live OneCare, and its business offering is Forefront. Despite the dire headline ("We're Still Struggling with Security, Admits Microsoft"), the story is almost entirely positive. The company has added research labs in Tokyo, Dublin and Melbourne to the existing Washington facility. A second sign of improvement is the speed with which queries from customers are addressed: During the past year, the time to has sunk from three days to six to eight hours.
The most important metric, however, is the percentage of problems caught. The piece says that between September 2006 and September 2007, Microsoft improved the detection rate for malware by about 20 points to between 91 and 95 percent. AV-Test, a company that runs performance testing for magazines, said the company was at 76 percent as late as this May.
According to unnamed sources, Microsoft is on the verge of offering managed security services to small and medium size businesses (SMBs). This ZDNet blogger says that Forefront Online will be the business equivalent of Microsoft Live OneCare, which is an online service. In June, the blog says, Microsoft announced that it was working on the next generation of Forefront products, which are code-named Stirling. The post throws a lot of Microsoft product family names around and suggests that the company is starting to aggressively court the SMB managed security services market.
The other side of the coin is the security status of Microsoft's own products. There, too, it seems that progress is continuing. This Government Computer News report from the Microsoft Windows Server Technical Summit says that security in Windows Server 2008 is "significantly more secure" than previous versions due to the use of the defense-in-depth approach used in the Vista operating system. This includes the hardening of Windows services, smaller high risk "attack surfaces," Bitlocker encryption and a default setting that turns off features that appear to have been compromised.
This is an interesting post by an employee of BH Consulting, an Irish security firm. The writer was a presenter at a security event in Ireland, and took the opportunity to comment on where Microsoft is in terms of its attitude to security. He does discuss one specific issue, which is how Internet Explorer 7 deals with universal resource identifiers (URIs). The more valuable element of the post, however, is his impression that people working for Microsoft are taking security seriously. Said the blogger:
It was clear from those that I met and talked to that security was not simply a cynical marketing ploy but was something ingrained into their approach and mindset.
This CNET piece is a good reminder of why Microsoft needed to raise its security game. The writer describes how two British security experts -- from a group called the Serious Organized Crime Agency -- were able to hack into an unprotected version of Windows XP running Service Pack 1 on a wireless network in 11 minutes. The demonstration was done in front of Nick McGrath, head of platform strategy for Microsoft U.K. at a Get Safe Online event. McGrath called the demonstration "enlightening and frightening."
That may be so, but the bottom line may not be all bad for Microsoft, however: It has admitted its security shortcomings and, by all accounts, taken remedial action during the past couple of years. The demonstration could be seen almost as an inadvertent sales pitch for the company's more recent products.