Microsoft changes security tactics

Microsoft CEO Steve Ballmer has outlined a series of new initiatives and investments aimed at shoring up the company's increasingly battered security reputation.

Speaking at Microsoft's worldwide partner conference in New Orleans, Ballmer said the new initiatives will help address the increasing threats faced by computer users.

"Our goal is simple: Get our customers secure and keep them secure," Ballmer said. "Our commitment is to protect our customers from the growing wave of criminal attacks," he added.

One of the main areas Microsoft said it will address is the patching process and Ballmer unveiled a new process for distribution that will see the firm move to monthly patch releases. Ballmer said this will reduce the burden on IT administrators by adding a level of increased predictability and manageability.

New security enhancements were also unveiled for Windows XP and Windows Server 2003. For Windows XP the enhancements, which will ship with service pack 2, focus on protection against port-based attacks, email attacks, malicious web content and buffer overrun exploits.

For Windows Server 2003 the new features will enable remote-access connection client inspection and intranet client inspection to help protect corporate networks from infections introduced by mobile systems. This is expected to be available in the second half of next year.

Ballmer said: "Our goal is to enable increased protection and resiliency of systems and networks. Our highest priority is developing these safety technologies for our customers. This is a key area of focus for us."

Microsoft said it is also boosting its security training and guidance for customers through TechNet seminars, and a dedicated developer security symposium focused on secure coding practices.

Microsoft senior VP Bob Muglia admitted to CNET News.com yesterday that the company's Trustworthy Computing programme would not be a "big bang" effort that will happen overnight.

But analyst Gartner has joined recent criticism of Microsoft's security record saying that businesses with a "monoculture" IT based on Microsoft may be more efficient but leave themselves more exposed to dangerous and costly security vulnerabilities.