Get Smart about Business Spending
- Related Stories
-
Piecing together Windows Vista
November 8, 2006 -
Vista beta gets slight tweaks
July 17, 2006 -
WinFS heads for Microsoft database
June 26, 2006 -
Microsoft shakes up security fray
June 7, 2006 -
Microsoft to bulk up Office business intelligence
June 5, 2006 -
Allchin: Buy Vista for the security
January 27, 2006 -
New Windows file system enters testing
August 29, 2005 -
Microsoft moves into antivirus realm
June 10, 2003
(continued from previous page)
Just last week, Microsoft said it was going to play nice and would abide by self-imposed rules aimed at bolstering choice and competition. The voluntary principles will come into play after court requirements related to the U.S. antitrust case against Microsoft expire next year.
The new Microsoft Security Response and Safety Summit is part of the Microsoft Security Response Alliance, an effort announced in June that aims to pull together various collaborative security initiatives at the company. It is also preparing to launch a response portal this week for its partners, Griesi said.
The software giant has been holding annual meetings with antivirus researchers since 1997. Initially, the confab was called Microsoft Macro Virus Initiative and later, the Microsoft Virus Initiative. On top of that, Microsoft has held twice-yearly get-togethers with Internet service providers since 2004, as part of its Global Infrastructure Alliance for Internet Safety. The Microsoft Security Response and Safety Summit brought together the antivirus and the ISP strands for the first time.
"We had separate events, but actually 80 percent of what we talked about was the same, so we decided to have one summit with different tracks," Griesi said. "We really wanted to give our various partners a chance to meet each other...The problems that ISPs and consumers face are the ones that the anti-malware makers are trying to address."
The merger was a good step, McAfee's Kuo said. "For us to attack some of these problems in a timely manner, we need to have close relationships with some of the ISPs," he said.
Security, response, safety
The Microsoft event had three tracks: security, response and safety. The first included sessions on secure software development at Microsoft, on the Windows Security Center (which tells users whether their security software is up to date) and on Vista features such as User Account Control (which enables restrictions on different users rights to prevent malicious software from installing).
The response section included sessions on Vista networking security, on trends in malicious software and on security in Internet Explorer 7, the next update to the Web browser. The safety track gave an overview of new safety features in Vista and the Windows Live family. These features included parental control and Vista extensibility, as well as Microsoft's phishing- and spam-fighting strategy.
One of the sessions was supposed to discuss WinFS, a new storage system for Vista. "We got in and sat down," Dang said. "The talk was over in five minutes, because Vista will be completely without WinFS." That same day Microsoft officially announced that WinFS will become part of the SQL Server database and will no longer be part of Windows.
Another session discussed how malicious software could leave traces on Vista PCs even after it is removed, McAfee's Kuo said. The trace is in the form of a so-called symbolic link, a technology introduced in Vista. These are designed to make it easier to locate items on a computer, and are somewhat similar to current shortcuts in Windows XP and to aliases in Mac OS systems.
"Symbolic links can clutter up your machine with lots and lots of links that point nowhere" after the malicious software is removed, Kuo said. Protective tools will probably end up doing the clean-up, he said. It's a sign that on Vista systems, security software has more work to do than on earlier versions of the operating system.
The goal of Microsoft's alliance program is to share information like this and to protect customers at large, Griesi said. Likewise, security companies like Aluria say they want to work with Microsoft for the same reason. But some note that the software giant has a history of pulverizing rivals. "Netscape is the renowned story," Dang said.
He did point out, though, that Microsoft hasn't always succeeded in imposing itself on the markets it enters. One example, he said, is Intuit, which is still a leader in accounting software, despite Microsoft's attempts to take it on.
"I commend Microsoft for listening to security vendors," Dang added. "Ultimately, we are all on the same side, which is the good guys versus the bad guys, and we're here to protect our customers. Microsoft playing in this is good for all parties--it keeps us on our toes and makes our products a lot better."
Kuo gives Microsoft the benefit of the doubt as to why it may be sharing fewer technical details than in previous years. It depends on the development lifecycle, he said. Vista is almost fully baked, so Microsoft hasn't got anything new to share. Two years ago, attendees did get a significant amount of technical information, he added.
"At this point, there is really nothing for them to tell us that we don't know," Kuo said. "The question will be what happens next year. How much discussion happens then? That will be how we measure the significance of Microsoft entering the market and how that affects these relationships."
See more CNET content tagged:
meeting, attendee, researcher, McAfee Inc., Redmond
- and now they're going to make mp3 players. All of their partners
have good reason to worry. What's next? Will they decide to make
PCs too?
No way! :- )
Björn Lundahl, Göteborg, Sweden
Glad I don't use Windows for anything I hold important...
So this is my question to all you VP's that attended this years meetings; are you actually that ignorant that you don't understand that the wolf allowed you into his den for a reason!
Not only am I a super tech guru, but I can smell a hustler a mile away. Microsoft consist of the largest organization of hustlers in the world!
So my advice to all of you in the security sector, maybe it's time to take a second look at Apple and increasing the security tools there, God only knows that Steve Jobs is busy working on a New Web Browser for Tiger and doesn't currently have the time for this feat!
~Justin
Tech01
take a second look at Apple and increasing the security tools there"
Mac users routinely laugh at their efforts. Right now, and for the
last five years, there have only been theoretical vulnerabilities for
OS X. Some day, there may be a real virus threat to Macs out there,
but until and unless that day comes, there's no point in spending
money on antivirus for your Mac.
Björn Lundahl, göteborg, Sweden
- FUD FUD FUD
- by Hardrada July 26, 2006 4:51 PM PDT
- this story is nothing but FUD. Microsoft didn't have anything new to share since Vista is pretty much finished and they're very early in the planning stages for the next product.
- Reply to this comment
-
-
- Err, huh?
- by Penguinisto July 27, 2006 1:32 PM PDT
- "[i]Weird how the Apple and Linux folks are so critical about Windows vulnerabilities and then so critical about Microsoft trying to do something about them.[/i]"
-
-
(18 Comments)Let's be clear: AV vendors are not exactly our best friends as consumers - doesn't it seem odd to anyone that the companies screaming loudest about the next "imminent threat" also stand to benefit the most when we renew our licenses for their software? AV companies have failed to innovate in this area, forcing Microsoft to step up and do so.
Weird how the Apple and Linux folks are so critical about Windows vulnerabilities and then so critical about Microsoft trying to do something about them.
-btw - load MAC OS or your favorite *nix distro on 90% of the pc's in the world and you'll find they have a few vulnerabilities too. Leaving your car parked in the garage and then claiming it never breaks down is a little disingenuous.
Such a blanket statement that turns out to be, well... wrong.
The Vulns? Yeah - but we're just as hard (actually, harder) about any found on OSX or Linux - esp. those which would be as earth-shakingly stupid as the boners that we've seen surface in Windows.
OTOH, hey - if MSFT wants to actually do something ab't it, great. OTOH, if they do it by alienating their own partners, well...
And if Vista is "pretty much finished" to the point where security discussions between MSFT and vendors are next-to-zero, then I fear for the data of millions of new Vista users - because from the looks of it, they will be rather ripe for the impending on-line raping.
[i]"AV vendors are not exactly our best friends as consumers - doesn't it seem odd to anyone that the companies screaming loudest about the next "imminent threat" also stand to benefit the most when we renew our licenses for their software? AV companies have failed to innovate in this area, forcing Microsoft to step up and do so. "[/i]
No argument on the first part - vested interest is vested interest. OTOH, the very existence of A/V companies shows that it MSFT who failed to innovate in the field of security, no?
[i]"-btw - load MAC OS or your favorite *nix distro on 90% of the pc's in the world and you'll find they have a few vulnerabilities too."[/i]
Funny, but Apache holds 80%+ of the Webserver market, and yet the majority of the vulnerable/compromised webservers were using IIS... In other words: QED, your argument doesn't hold water.
"[i]Leaving your car parked in the garage and then claiming it never breaks down is a little disingenuous.[/i]"
Again, I refer you to Apache vs. IIS.
/P