Microsoft's Security Response: 10 Ways to Improve It

By Don Reisinger  |  Posted 2010-08-23


Microsoft finds itself in a familiar position. With reports breaking early this week claiming the company knew of zero-day exploits months prior, some are already calling its response times into question. The reports claim a researcher told the company of the issues back in February, and they effectively highlight Microsoft's poor response time.

Beyond this most recent issue, the company has had trouble addressing issues in the past on Windows, Internet Explorer and even Office. And its focus arguably hasn't been as firmly set on security as it should have been.

That's why it's time for Microsoft to do more to improve its security-response time. It doesn't need to do anything drastic, but it needs to be more proactive in its strategies. It also wouldn't hurt if it communicated with stakeholders more often. Here is what Microsoft should be doing now to improve its security response time. 

1. Increase communication with the public

The first thing Microsoft should do is improve its communication with its users. It's understandable that the firm doesn't want to alarm users for every simple problem with its products, but at the same time, those people have a right to know. And perhaps by being more vocal about the issues that plague Windows and Internet Explorer, Microsoft might make those users become more proactive in downloading security software to counteract any issues that might arise. 

2. Be more proactive

Too often, Microsoft simply sits back and waits for problems to get out of hand before it adequately addresses them. The time for that response has come and gone. Nowadays, Microsoft must be more proactive: once it hears of an issue, it should set out to fix it. The hacker community is big and smart. Microsoft needs to stay a step ahead -- or else.

3. Listen to researchers

Researchers might be a pain to Microsoft, but they effectively highlight the issues that the software giant's own team of experts might have missed. Realizing that, maybe it's time Microsoft placed a bit more stock in the things security researchers have to say. Microsoft has proven time and again that when it's left on its own, it doesn't do everything that it should.

4. Forget the embarrassment 

Unfortunately, Microsoft has suffered from embarrassment for far too long over its security problems. It has decided in the past that it's easier to ignore the issues or simply make them seem less important than they are for the sake of its own reputation. From a marketing perspective it makes sense. But from a security perspective, it's the wrong response. Microsoft needs to get over the embarrassment of its security issues and get working on solutions.

Microsoft Must Cooperate with Industry Security Experts


5. Bolster Internet Explorer

Time and time again over the years, Internet Explorer has proven to be the application most frequently hit with security flaws. With the right strategy in place, Microsoft could limit those problems. But that strategy must start with a revamped approach to security in the browser space. Internet Explorer is widely used around the world. If Microsoft can fix the security holes in the software before issues occur, it can go a long way toward reducing worldwide security problems.

6. Work closely with security firms

Security firms, such as Symantec and the newly acquired McAfee, could be some of the most important allies Microsoft has. The companies deliver the software most folks use to secure their operating systems. If Microsoft can clue the companies in on some of the issues it potentially sees with Windows, better safeguards could be put in place to help keep users secure. Once again, taking pre-emptive action, especially through the help of security firms, is extremely important. 

7. Improve Windows Defender

Part of the reason why Microsoft might not want to get too cozy with McAfee and Symantec is Windows Defender. The company's security software, which is widely regarded to be quite good, delivers the same basic protection that competing services do. But right now, it's not delivering the experience that users necessarily need. In the end, Windows Defender could be the first line of defense. And Microsoft should do everything it can to improve that software to keep its users safe. 

8. Better understanding of corporate users

Corporate users are key stakeholders in the security market. They desire the services that keep them safe, and maintain protection for their sensitive data. Realizing that, Microsoft needs to keep the corporate world informed of the security problems that could come their way. Security response is all about communication. If the software giant doesn't communicate issues to its key market sector, trouble will ensue. 

9. Hire more security experts

Although Microsoft was forced to lay off employees during the worst of the Great Recession, the firm has the money to strategically hire staff. But rather than hire people to build tablets, it might be time for Microsoft to employ more security experts. At this point, it's hard to argue with the opinion that Microsoft isn't doing such a great job at securing its software. More security experts could help the software giant make a more compelling argument in its favor. 

10. Enlist the help of others

It might be a tall order for a company that has been so secretive about security, but it's time for Microsoft to start enlisting the help of others. The security space is filled with experts, researchers and even former hackers that Microsoft can tap into. The company has done some of that in the past, but the time has come to do more. Get working with others, Microsoft. It's about time.
