Microsoft Revamps Security Updates for Home Users

New mailing list is tailored for non-technical users.

Microsoft Corp. on Tuesday continued the expansion of its security response process, unveiling a new security mailing list specifically for home or other non-technical users.

The Home User edition of the Security Update newsletter will deliver security bulletins and other security-related information to users who dont need all of the technical details contained in Microsofts TechNet Security Notification Service advisories. Late last year Microsoft began developing the simplified versions of its bulletins in response to customers who said they were overwhelmed with all of the details and just wanted to know when a new patch was available and whether they needed to apply it.

The TechNet bulletins tend to be heavy on specifics of the vulnerability and often provide detailed work-arounds as well as lists of complex mitigating factors. Most home users have no use for such data.

"There was a lot of demand from our customers for this [new mailing list]," said Steve Lipner, director of security assurance at Microsoft, based in Redmond, Wash.

The new simplified bulletins may also be good reading for non-technical people such as senior executives, who want to be aware of security issues affecting their systems but have no need for detailed descriptions of the problems. The bulletins will have a short description of the problem at hand and will contain a link to the full advisory and the patch.

The new e-mail service is part of an ongoing revamping and expansion of the Microsoft Security Response Centers functions and services. The group recently revised its guidelines for issuing security bulletins, adding a fourth severity rating. And just the fact that the MSRC has established a separate response system for home users shows a better understanding of the needs of the companys enormous customer base.

"Not everyone wants to know every detail about every problem," Lipner said.