Microsoft Reinforces Commitment and Action To Help Improve Security for Customers

TORONTO, July 13, 2004 — Today at the Microsoft
®
Worldwide Partner Conference 2004, Mike Nash, corporate vice president for the Security Business and Technology Unit at Microsoft Corp., provided an update on the continued commitment Microsoft has made to help improve the security of computers and networks. Nash outlined steps Microsoft has taken and noted measured progress to date, including technical innovation in providing greater isolation and resiliency for computers and networks; improvements to security update tools and processes; expanded authorization, authentication and access control capabilities; improvements to quality through a commitment to engineering excellence; and success in providing global customer guidance and engagement. Nash also announced the general availability of Internet Security and Acceleration (ISA) Server 2004 and outlined Microsoft’s strategy for Network Access Protection technologies.

“Our customers have asked us to work together to make it easier for them to protect their networks against malicious attacks,” Nash said. “Although we’ve seen progress in addressing some of our top customer concerns, we remain focused on the evolving security challenges and are committed to working with industry partners to improve the security of PCs and networks around the world.”

Ongoing Commitment to Address Security

Security is a top priority for Microsoft, and the company’s commitment to improving security and working with partners to help them secure their infrastructures is an ongoing effort, Nash noted. Further details on the progress and commitments that were highlighted include the following:

  • Advancements in providing greater isolation and resiliency to systems to improve their ability to mitigate the impact of malicious code, including the forthcoming availability of Microsoft Windows®
    XP Service Pack 2, slated for August, and the innovations to provide safer browsing, stronger default security settings, and the automatic installation of new security features to better protect customers and their computers from hackers, viruses and other security risks. Nash also discussed ISA Server 2004, Microsoft’s next-generation application firewall, virtual private network and Web cache solution; and Network Access Protection technologies, Microsoft’s strategy for more secure access to networks that will provide network policy validation, network isolation and network policy compliance.

  • Improvements in security update tools and processes, highlighting the more streamlined process of issuing security updates monthly to make the process more manageable for customers. This has led, in part, to a 400 percent growth in the use of Windows Automatic Update over the past 10 months and approximately 112,000 servers connecting to Microsoft to check for content per day using Software Update Services.

  • Expanded authorization, authentication and access control, with the endorsement of Microsoft’s Windows Rights Management Services from EDS, GigaTrust and Liquid Machines Inc.

  • Quality improvements through engineering excellence, referencing the 69 percent reduction in critical and important bulletins issued for Windows Server (TM) 2003 relative to Windows 2000 Server in the initial year following their respective releases.

  • Global customer guidance and engagement to help build security best practices among consumers and businesses, confirming that in the past 10 months Microsoft has provided security training to more than 510,000 IT professionals, including approximately 140,000 industry partners. Nash also thanked partners for their diligent efforts to help customers achieve a more secure infrastructure and encouraged them to participate in Microsoft’s Security Solutions Competency Program. More information about the security solutions competency can be found at http://members.microsoft.com/partner/program/competencies/securitysolutions.aspx .

ISA Server 2004 Now Available

Nash announced immediate availability of ISA Server 2004, an advanced application layer firewall, VPN and Web cache solution enabling customers to easily maximize existing IT investments by improving network security and performance. Nash also noted significant partner momentum around ISA Server 2004. Ten solutions providers, Cloudmark, FilterLogix, Forum Systems Inc., GFI Software Ltd., McAfee, Inc., Panda Software, Rainfinity, RSA Security Inc., SurfControl plc and WebSpy Ltd., today announced supporting products. In addition, HP today became the first company to announce that customers can now order a hardware-based solution — the HP ProLiant DL320 Firewall/VPN/Cache Server running ISA Server 2004. Several other partners have announced plans to deliver hardware solutions based on ISA Server 2004, including Celestix Networks, Network Engines Inc., Pyramid Computer, RimApp Technologies and Wortmann AG.

More information about ISA Server 2004 can be found at http://www.microsoft.com/isaserver/ .

Network Access Protection to Be Available in Windows Server 2003 Update

Nash also outlined broad industry support for Network Access Protection technologies from Microsoft, a solution based on an open, standards-based architecture to allow customers to more securely access their corporate network through network policy validation, restriction and policy compliance. Available in an update release of Windows Server 2003, code-named “R2,” Network Access Protection also provides system administrators with the ability to monitor and control computer access based on compliance policies for accessing the network.

Today, 25 industry leaders in anti-virus software, patch management and systems management announced they are working together with Microsoft on Network Access Protection technologies to deliver end-to-end solutions for customers. Customers that require VPN inspection today should use tools for Windows Server 2003 and ISA Server 2004. In the future, Network Access Protection technologies will offer an extensible solution for partners and customers including functionality beyond VPN client inspection.

Continued Security Progress to Help Customers

As part of Microsoft’s commitment to provide authoritative information and guidance on security issues to all customers, the company in January began to release threat cleaner tools for known viruses and worms. To help deliver a better user experience, reduce unnecessary traffic on the Internet’s backbone and remove common threads of worms from machines, Microsoft released cleaner tools for Blaster, MyDoom and Sasser, and to date, roughly 40 million customers have used these tools. Nash announced that today Microsoft is releasing a cleaner tool for the Download.Ject exploit. Customers can learn more about this new cleaner tool at http://www.microsoft.com/downloadject/ .

As part of the guidance and training Microsoft provided to more than 510,000 customers and partners worldwide, Microsoft has made available in-depth prescriptive guidance, templates and checklists via the Security Guidance Kit such as the Microsoft Baseline Security Analyzer (MBSA), which can be used to help identify common security misconfigurations in Windows, Internet Information Services (IIS), Microsoft SQL Server (TM) , Internet Explorer and Microsoft Office. MBSA 1.2 is used for more than 1.5 million Internet-connected scans on average each week. In addition, more than 1 million Security Guidance Kits have been provided at no charge to customers and can be ordered at the Security Guidance Center Web site, http://www.microsoft.com/security/guidance/ .

Nash also recounted the efforts with industry partners to help address consumer security as well as businesses’ security, pointing to the Protect Your PC Campaign ( http://microsoft.com/protect/ ) where nine leading antivirus and firewall vendors have provided information and offers to help consumers be more secure. He noted the work with Internet service providers worldwide through the Global Infrastructure Alliance for Internet Safety (GIAIS) to provide consistent content and guidance to their customers.

In closing, Nash reinforced Microsoft’s efforts to work with law enforcement agencies around the world to find and prosecute those who release malicious code, noting the successful efforts that led to the arrest of the Sasser suspect.

More information about Microsoft and its efforts to address computer security can be found at http://www.microsoft.com/security/ .

About Microsoft’s Worldwide Partner Conference

Microsoft’s Worldwide Partner Conference provides Microsoft’s partner community with access to key marketing and business strategies, leadership, and information regarding specific customer solutions designed to help partners succeed in the marketplace. Along with informative learning opportunities covering sales, marketing, services and technology, the Worldwide Partner Conference is an ideal setting for partners to garner valuable knowledge from their peers and from Microsoft. More information can be found at http://www.microsoft.com/partner/events/wwpartnerconference/ .

About Microsoft

Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.

Microsoft, Windows and Windows Server are either registered trademarks or trademarks of Microsoft Corp. in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at http://www.microsoft.com/presspass/ on Microsoft’s corporate information pages. Web links, telephone numbers and titles were correct at time of publication, but may since have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at http://www.microsoft.com/presspass/contactpr.asp .

Related Posts

Q&A: Delivering on Secure Computing

As IT security experts gather for the annual RSA Conference, Mike Nash, head of Microsoft’s Security Business Unit, discusses how the company is acting on customer feedback to provide a more secure computing environment.