Microsoft says it will build in security rather than bolting it on

Microsoft says it will build in security rather than bolting it on

Some IT managers and developers attending the Microsoft Security Summit in Washington today have become frustrated with the layers of security being bolted onto IT systems.

'In the IT shop, we understand it and it makes sense,' one administrator said. 'But to a CFO, it is just making the IT shop another cost center, and all we are doing is maintaining the status quo.'

Microsoft Corp. is trying to assuage that frustration by improving the quality of its software and by building security features in rather than depending on separate add-ons.

Mike Nash, Microsoft security business vice president, outlined advances expected from the company this year.

The first release candidate for Windows XP Service Pack 2 now is in beta release. SP 2 includes new security features, including a Security Center that aggregates information and controls for security features and settings, including the built-in firewall.

The firewall included in Windows XP is turned off by default because it interferes too often with applications and services. The firewall has been refined in SP 2 to work better so that it can remain on by default. Exceptions to firewall policy can be made to allow certain applications or services. Firewalls also can be managed by group policy settings in Active Directory, creating different classes of users.

The service pack also will update Internet Explorer with pop-up blocking. It can block unwanted advertisements or other notices, while allowing pop-up features that are part of Web site functionality.

The company also expects to enhance its update services by the end of the year. Windows Update now automatically downloads and installs patches and fixes for operating systems. A Microsoft Update service will be added to this to automate updating of applications and other software as well.

Software Update Services for systems will become Windows Update Services, also expanding the range of software that can be automatically updated.

Windows Server 2003 Service Pack 1 is expected to be released in the second half of this year. Microsoft is working on its Active Protection Technology. This will include:

  • Dynamic system protection to turn off vulnerable functions until patches or other fixes are available

  • Behavior blocking to stop malicious activity independent of the vulnerability it is exploiting

  • Application-aware firewalls that will understand how functions and settings are used by specific applications

  • Intrusion prevention to monitor all executables and registry settings.

About the Author

William Jackson is a Maryland-based freelance writer.


  • automated processes (Nikolay Klimenko/

    How the Army’s DORA bot cuts manual work for contracting professionals

    Thanks to robotic process automation, the time it takes Army contracting professionals to determine whether prospective vendors should receive a contract has been cut from an hour to just five minutes.

  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

Stay Connected