Microsoft realized that phishing, pharming, botnets and rootkits show that attacks are becoming more sophisticated. This situation makes traditional defenses to be inadequate and evolution is at hand.
The Redmond giant has been mentioned in a positive context many times during the past year for the advances made in the security arena. At the Infosecurity Europe 2006 Press Conference, Detlef Eckert – Microsoft Chieft Security Advisor EMEA – demonstrated what Microsoft did and what more we can expect in the near future.
Since its initial release, more than 260 million copies of Windows XP Service Pack 2 have been distributed. When it comes to the Windows Server 2003 SP1, the number of downloads just passed the 4.5 million mark.
Microsoft’s future direction is closely related to security as they realize what kind of impact it has on organizations and on their business. They will continue working on security innovations and will invest in indentity/access control, threat/vulnerability mitigation, better updates and tools.
Mr. Eckert noted security design, security coding and security testing as priorities.
What about the next-generation OS? Well, Windows Vista is to present next generation and compliance. Some of the security features include:
- Windows service hardening
- Inbound/outbound firewall
- Support for smart cards
- Network access protection
- IPSec/firewall integration
- IE protected mode
- Control over removable device installation.
Internet Explorer 7 is also being altered to reflect Microsoft’s security concerns. Some of the features of IE 7 will be available to everyone while others will be Vista-only since they are closely connected with the underlying operating system. Here’s a list of some of the novelties:
- Phishing filter and colored address bar
- Notification of dangerous settings
- Secure defaults
- Unified URL parsing
- Code quality improvements
- Protected mode to prevent malicious software.
Vista is said to be rigorous security testing and it will not ship if it does not pass the Final Security Review (FSR). Details on the review have not been given.
When asked about what we can expect from Vista, Mr. Eckert said: “Most of the vulnerabilities you saw in 2005 would not happen with Vista. We learned a lot during the past 2 years.”
Hopefully the future will prove Microsoft has made a significant difference, they are certainly headed in the right direction.