Microsoft has announced a gaggle of new security initiatives to shore up the security of its customers' systems against what the company's CEO Steve Ballmer said was a "wave of criminal attacks."
New security features on Windows XP and Windows Server 2003, a simplified software patch distribution process, and new security education programs were all part of Microsoft's latest effort to stem the tide of worms and viruses that target computers running Microsoft software.
Ballmer made the announcement at Microsoft's Worldwide Partner Conference in New Orleans and said that the new technology and programs would be available "over the coming months".
Perhaps the most technologically significant changes will come from what Microsoft called new "safety technologies" that will be rolled into forthcoming service packs for Windows XP and Windows Server 2003. Those technologies will allow customers to better protect their computers from attack, even in the absence of required software patches, the company said. Better defences for buffer overruns and heap overruns will be part of the enhancements, according to Amy Carroll, director of product management in Microsoft's Security Business Unit.
Buffer overruns are flaws in software code that are often used by malicious hackers to place attack code on victims' computers. Microsoft will introduce protections such as improved compiler checks to stop buffer and heap overruns and software changes that mitigate the effects of such events when they do occur, Carroll said.
Protections against attacks on communications ports, such as the recent W32.Blaster worm, as well as malicious code in e-mail messages and Web pages will also be included, she said.
Microsoft could not comment on what those changes will be or whether they would affect the Windows operating system, or Exchange and Outlook products, Carroll said.
Software updates for Windows XP and Windows Server 2003 scheduled for 2004 will include a more robust version of the current Internet Connection Firewall that ships with Windows XP.
Microsoft may also be integrating behaviour-based blocking technology, that it acquired with Pelican Security, with its default firewall, according to John Pescatore of Gartner. By rolling the Pelican technology in with its firewall, Microsoft would be able to protect even unpatched desktops from new attacks such as the recent Slammer and Blaster worms - a stated goal for the company, Pescatore said.
Carroll did not rule out the use of Pelican's behavior based detection technology but said it was too early to comment.
In a related announcement, Network Associates (NAI) said that it was teaming up with Microsoft to use the McAfee products to help Microsoft enterprise customers streamline security management and operations.