Microsoft plans security boost for Windows

Computerworld - Microsoft Corp. wants to make Windows a much safer operating environment.

The software giant yesterday announced plans to integrate new technology into upcoming versions of Windows that it claims will dramatically improve the security capabilities of the popular operating system.

But users will have to wait until Windows XP and the next version of the Windows Server product, code-named "Whistler," ships to see the technology.

Microsoft also announced a new internal program called the Secure Windows Initiative that will provide Microsoft engineers with ongoing education, tools, security-focused development processes and rigorous internal and external testing to ensure higher attention to security, according to the company.

"This is Microsoft declaring war on hostile code," said Scott Culp, a security program manager at the company.

On the technology front, Microsoft is integrating new software restriction polices in upcoming versions of Windows that will let systems administrators to specify applications that are permitted to run on Windows while barring other applications.

For instance, an administrator can set policies that allow only applications such as Word and Excel to run.

The technology will look for specific markers including file size and signed integrity credentials before allowing applications to run, so hackers won't be able to overwrite approved applications with malicious code, Culp said.

"It is a good, solid barrier against letting anything but trusted code ... run on a user's machine," he said.

The technology is designed to track and stop hostile code like the I Love You and Anna Kournikova viruses, while allowing administrator-approved code to run.

Microsoft is also adding a new security layer as part of the Common Language Runtime environment, which manages the execution of code on Microsoft's .Net framework. The technology will let administrators define limits on the kinds of applications and services that can be accessed by another application. For example, an administrator can define a policy that allows an application to access the contents of a specific database, while denying access to the contents of another database.

Technologies such as these apparently build on Microsoft's ongoing efforts to shore up Windows security. That effort began in earnest with the release of Microsoft's Outlook security update last year. The update bans certain types of e-mail attachments from getting through to users' computers, Culp said.

"We are going from coarseness to fineness," he said. "The security update was the most coarse protection scheme.... There are going to be additional levels of protection that you are going to see in Whistler and XP," he said.



Related stories:

• Microsoft issues patch for new Outlook security hole, Feb. 23, 2001



• Spread of Kournikova virus highlights security lapses, Feb. 19, 2001



• Microsoft enters security business with firewall software, Feb. 16, 2001

Read more about operating systems in Computerworld's Operating Systems Knowledge Center.