Microsoft offers security program for the enterprise

Computerworld - In an apparent response to growing concerns related to the security of its products, Microsoft Corp. today rolled out an initiative aimed at making it easier for enterprises to secure, and keep secure, their Microsoft environments.

The initiative, called the Strategic Technology Protection Program, is intended to address issues that users face from the threat of worms and other malicious code, such as Nimda and Code Red.

"What we discovered a few months ago is that, while we are doing a pretty good job providing [security tools and patches], it wasn't easy enough for our customers to roll them out," said Dave Thompson, a vice president with Microsoft's server product group. "Because of our position in the industry, we felt it was our responsibility to make it as easy as possible for the customer" to do what it takes to stay secure, he said.

The program is being rolled out in two phases. As part of the first phase, called Get Secure, Microsoft announced an online security tool kit available for download from the Microsoft Security Web site. The tool kit contains all of the current service packs and critical security patches for Windows NT 4.0 and Windows 2000, Internet Information Server (IIS) and Internet Explorer.

It also features a security tool that ensures that new patches are automatically installed via the Windows Update feature. Also included is an IIS Lockdown tool that disables all functions and settings on Web servers that could be exploited by attackers.

The same service packs and tools will also be available on CD within the next six weeks. Customers can take advantage of free virus-related customer support by calling a Microsoft hot line at (866) 727-2338.

As part of its efforts to get corporations to install all the recommended fixes, Microsoft has mobilized account managers and field representatives worldwide to work directly with customers to ensure that their networks are secure, Thompson said.

Senior Microsoft security executives spoke with about 1,600 CIOs worldwide before announcing this morning's initiative, Thompson said.

In the second phase, called Stay Secure, Microsoft will roll out tools and services aimed at helping companies stay up-to-date on recommended patches and fixes.

As part of this effort, the company will deliver cumulative patches for Windows 2000 on a bimonthly basis. Administrators need to apply only the latest patch to ensure that the operating system is fully patched. The first such patches will become available in the next 60 days, the company said.

In December, Microsoft will release a set of tools for Windows 2000 servers that will be capable of automatically identifying potential system misconfigurations and suggesting changes.

In the second quarter, the company will release its Federated Corporate Windows Update technology, which will let enterprises host their own Windows Update sites and control which patches their users apply.

Read more about security in Computerworld's Security Knowledge Center.