Microsoft Security Leaves Some Users Behind

Opinion: Updates for IE are coming, but Microsoft should extend full browser security protection to those who haven't upgraded to the latest operating system.

During his keynote address at the RSA security conference, Bill Gates announced that Microsoft will release a beta version of Internet Explorer 7.0 for Windows XP Service Pack 2 customers sometime this summer. Company officials said the browser will gain new anti-phishing, anti-spyware and anti-virus safeguards.

There has been much speculation about Microsofts reasoning behind its decision to update IE sooner than originally planned. With Google and Yahoo rumored to be preparing to launch their own branded browsers, some say the move is more about combating rivals in the lucrative search market and less about assuring security.

Microsoft needs only to look in the rearview mirror to see browser rivals gaining on IE. For the past few years, IE, with its security holes and ties to the Windows operating system, has become one of the most common reasons for enterprises to move off Windows.

And with IE increasingly losing market share to upstarts such as the Mozilla Foundations Firefox browser, Microsoft is smart enough to know that its browser as it is today doesnt have many miles left in it.

/zimages/4/28571.gifClick here to read more about recent competition between IE and Firefox.

The IE news comes less than a week after Microsofts acquisition of Sybari and its purchase of anti-spyware vendor Giant Company Software. Consumers have already reaped some of the benefits from those acquisitions, including Microsofts recent announcement that it will continue to deliver a personal version of Windows AntiSpyware for free.

The Sybari and Giant acquisitions show that Microsoft is taking security seriously, and although Microsoft has made progress in security since the announcement of its Trustworthy Computing initiative three years ago, the company needs to do more.

On Microsofts IE group blog, company officials said that while they had received requests for an IE refresh for older operating systems such as Windows 2000, they remain focused on XP SP2.

In fact, Dean Hachamovitch, the head of the IE team, wrote: "Were actively listening to our major Windows 2000 customers about what they want and comparing that to the engineering and logistical complexity of the work."

Although Microsoft is no doubt weighing the costs and benefits to itself of such a move, there are obvious benefits in a new and secure version of IE for enterprise customers who are still on Windows 2000. Were Microsoft to take such a step, it would prove that its commitment to Trustworthy Computing extends to all of its users, not just those with the latest licenses.

/zimages/4/28571.gifTo read about Mozillas response to IE 7.0, click here.

The fact that this is an issue to begin with is Microsofts own doing—in tying the IE browser to Windows and declaring them a single product to dominate the browser market. It therefore has become necessary for some users to go through an entire operating system upgrade to gain a secure browser.

It is our hope that Microsofts recent moves toward securing its products are signs of a new, more responsive company, one that puts its customers interests first—where they belong.

Tell us what you think at

/zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.