August 12, 2008

Security for Sale

A Web Exclusive from Windows IT Pro

Paul Thurrott

Windows IT Pro Perspectives

InstantDoc #100009

Microsoft has always walked what I think is a perilous path on security. Put simply, Microsoft often improves the security of its most recent products only, and then sells that as a benefit of upgrading. It’s kind of insidious when you realize that the message here, put a bit differently, is that the old version we sold you last year is now less secure … So it’s time to upgrade!

Obviously, there are architectural reasons for some of this differentiation. Windows Vista, for example, includes low-level changes that affect various security features, like Internet Explorer (IE) Protected Mode, Address Space Layout Randomization (ASLR), and User Account Control (UAC), features that would be difficult if not impossible to implement identically on previous Windows versions. Time marches on.

Another truism of this evolution is that, to the average user, what we think of as Windows extends well beyond the realm of what Microsoft includes in the box, so to speak, with its OS. I can’t even count the number of emails I’ve gotten from readers wondering which version of Windows includes Microsoft Word, or slightly less alarmingly, whether you specifically need Office XP if you’re running Windows XP. Looked at in a different way, when something goes wrong in Windows, even when it’s not necessarily the fault of Windows, or even the fault of Microsoft, it is of course Windows and Microsoft that users blame.
Microsoft has worked with its partners over the years to create automated systems in Windows aimed at determining which software is the most problematic, and the results of these systems provide the software giant with the tools it needs to prioritize bug fixes, both within and outside of Windows.

This past week, Microsoft announced a new initiative that extends this line of thinking to security. After all, when a user’s PC is exploited, they will invariably blame Windows–and, yes, Microsoft–even if the user or a third party application is at fault. Somewhat fittingly, Microsoft announced this initiative at the Black Hat conference, a Las Vegas security carnival at which security professionals, government types, and underworld hackers mix and mingle in a demilitarized zone (DMZ) of sorts.

"It’s becoming ever more apparent [that] no company can tackle this issue of security alone," Microsoft’s Andrew Cushman notes in a post to the company’s Security Response Center blog. "Collaboration across borders, and across segments, is imperative to help improve the broader security ecosystem."

More specifically, Microsoft is formalizing the process for alerting developers when their Windows applications are found to have security problems. Through its new Microsoft Vulnerability Research (MSVR) program, the software giant will work with its many partners to "identify, resolve and mitigate vulnerabilities," wherever they may occur. It expects the collaboration to be two-way.

To be fair, Microsoft has engaged in this kind of work for some time, but it’s never really publicized it until now. What’s changed is that the company is now being open about the process, which should increase participation. The end result, presumably, will be better-written software with fewer vulnerabilities. And heck, you might not even have to upgrade to a new version to realize the benefits. What a concept.
Find this article at: http://www.windowsitpro.com/Articles/ArticleID/100009/100009.html

Copyright 2008, Penton Media, Inc. All Rights Reserved.
