
    Microsoft Must Rethink Security Response

    Written by

    eWEEK Editorial Board
    Published January 23, 2006

      It's time for Microsoft to rethink its response to security holes.

      The software vendor's recent slow response to a serious vulnerability in WMF (Windows Metafile) wasn't good enough. Further, the company must speed the delivery of regular patches to customers.

      Responding to the first broad publication of the WMF vulnerability on Dec. 27, Microsoft initially said it would not release its patch for the WMF hole until its next regularly scheduled security updates on Jan. 10. But under pressure from the press and security experts, Microsoft made the patch available ahead of schedule on Jan. 5. Whether anxious to avoid the stigma of being forced to take dramatic action or merely seeking to minimize its own costs of patch certification and support, Microsoft allowed the WMF vulnerability to linger, exposing its customers to the frighteningly fast infection rate of exploits using the hole.

      With the emergence of zero-day exploits, logic and common sense dictate that a monthly patch release is just not effective to keep IT environments free of malicious exploits. The absence of a patch can be far worse than the additional overhead of one patch. Microsoft should have given IT managers the choice between the extra work of deploying two patches and the risk of leaving systems vulnerable for several days.

      By leaving customers hanging, Microsoft opened the door for third-party patches, exacerbating confusion for IT managers. While Microsoft stalled with its patch delivery, anti-virus vendor McAfee announced that as of Jan. 3, more than 120,000 of McAfee's customers had been attacked using the WMF vulnerability.

      In addition, Ilfak Guilfanov tried to help the community by releasing a third-party patch, which was endorsed by some security experts. Unfortunately, Guilfanov's Web site buckled under the deluge of download requests, leaving IT managers frustrated and searching for alternatives. With millions of Windows-based machines on the market, few third-party companies (and fewer still with the talent to devise a robust patch) have the extensive network infrastructure and delivery tools required to get a patch to the masses.

      Patch management is high on the list of IT headaches, and the need to constantly patch machines has made Microsoft products difficult to maintain and secure. IT managers have a right to have securable systems, and they shouldn't have to rely on outsiders and crossed fingers to receive patches in a timely way. With Windows XP's source code topping 40 million lines, vulnerabilities and patches won't soon go away.

      It may be that Microsoft is looking ahead to a service it is developing, called Windows OneCare Live, to give customers prompt relief from vulnerabilities. OneCare Live will provide firewall, anti-virus and backup services primarily to consumers. But OneCare Live, currently in beta test, is slated to require a subscription fee. We believe that Microsoft should spend its time and energy helping its current customers rather than developing for-pay services for tomorrow.

      If the company hopes to get a good reception for a new and even more complex Windows Vista later this year, it had better prove it can protect and maintain what it's shipping now.
