MSBlast worm is "disappointing" says security chief…
By Patrick Gray
Published: 14 August 2003 08:26 GMT
The head of Microsoft's Trustworthy Computing initiative, Scott Charney, says the Windows vulnerability on which the MSBlast worm is based is a sign the software heavyweight has "a lot more work to do".
Charney said he was disappointed when the software bug, which affected Windows Server 2003, touted as the most secure Microsoft operating system ever, was unearthed.
He said: "We have always said that Windows Server 2003 would not be bullet-proof. It's disappointing. Is it surprising? No… it just means we have a lot more work to do." Disappointment seems an appropriate reaction - the company spent $200m in an attempt to secure Windows Server 2003 by standing down 8,500 developers for security training.
But the security boss defended Microsoft's product security and said the company's products have a disproportionately bad reputation. "To some extent Windows is as secure, if not more secure, than many other systems, but the fact of the matter is we have [overwhelming] market share and with that comes increased responsibility," he said. "Even if we're doing better than everyone else, that's great, but we have to do better still. Software's complex and it's not likely we'll get the number of bugs to zero but we have to do a better job than we've done to date." As for the threat of a "cyber terrorism" attack, Charney says there's a lot of hype out there.
"As difficult and as problematic as an event like Slammer might be, it doesn't compare to the World Trade Centre [attacks]… If you're trying to provoke terror the internet may not be the best medium for that." The real threat, he said, will come from a blended, co-ordinated threat, for example an attack on telephone infrastructure prior to a physical attack - like the World Trade Centre disaster - and would be intended to disrupt emergency response capabilities.
"I think many of us in the field are concerned about the fact that a more co-ordinated terrorist attack could be the problem," he said.
Patrick Gray writes for ZDNet Australia
Essential Skills/Characteristics: Previous training delivery experience • Experience of SME business working environments • Good ...
Excellent internal role for a flexible and skilled Support Engineer with good Networking, Windows Server and database support skills and knowledge of ...
You must have previous experience in a dedicated vulnerability management function where you have been responsible for all potential attacks on a ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Bob Tarzey Why you must rein in your power users When they do damage, it can be catastrophic to your business
Jon Collins Is losing a mobile device really such a big deal? How to minimise the damage to your business