Home
News
E-mail Newsletters
Blogs
Tech Dispenser
Shark Bait
Knowledge Centers
Opinion
Webcasts
Video
Podcasts
White Papers
Computerworld Reports
Zones
Case Study Library
RSS Feeds
Events
Print Subscriptions

Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Finance
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 

Computerworld 2007Subscribe to Computerworld
40 years of the most authoritative source of news and information for IT leaders.

Microsoft explores automatic patching

Company wants to get critical updates on more systems
Joris Evers   Today’s Top Stories    or  Other Security Stories  
 

Sign up to receive Security Resource Alerts

August 22, 2003 (IDG News Service) -- In the wake of a widespread Internet worm, Microsoft Corp. is weighing options to get more users to secure their computers, including automatically applying security patches to PCs remotely, the company said.
"We are looking at a range of options to get critical updates on more systems, from finding ways to encourage more people to keep their systems up to date themselves to where it is done automatically by default for certain users," said Matt Pilla, senior product manager for Windows at Microsoft.
Microsoft doesn't plan any immediate changes to the way it delivers security patches, but the company also doesn't intend to wait until the release of its next operating system to improve it, Pilla said.
"This is a priority for us. I think there are a lot of things we can do during the Windows XP time frame to help people make their PCs more secure," he said. The successor to Windows XP, code-named Longhorn, is expected to be out in 2005 or 2006.
Microsoft currently delivers software patches through its Windows Update Web site and through update software in Windows XP, Windows 2000 and Windows Me. The software doesn't download and install patches by default, but asks a user to select from various options, including just receiving alerts when an update is available.
"Giving the user the ability to control auto update is important to us," Pilla said. "One of the things we are working on is a balance between keeping systems up to date and giving users the control over their systems."
Microsoft on July 16 issued a "critical" security update that fixes a serious security vulnerability in Windows. The company urged customers to install the patch. Many apparently ignored the warning, and the Blaster worm that started spreading weeks later was able to infect hundreds of thousands of computers by taking advantage of the vulnerability (see story).
Russ Cooper, surgeon general of TruSecure Corp. and moderator of the popular discussion list NTBugtraq, is one of the most outspoken critics of Windows Update. Nevertheless, he is all for automatically delivering security updates.
"I think it is a great idea; they should have done it ages ago," he said. "We will scrutinize the way they do it. I applaud them for being willing to be put under such a microscope for something they believe the world does not trust them to do."
Microsoft has no choice, it has to take patching into its own hands, said Rob Enderle, principal analyst at Enderle Group in San Jose. "They absolutely have to create a program where patches are applied automatically," he said.
People worried about giving Microsoft control over their systems should weigh the alternative, Enderle said. "People really don't want to give Microsoft access, but if they don't, then the patches don't get applied timely. It is about relatives; do folks trust Microsoft more than they trust a hacker?"









Reprinted with permission from

For more news from IDG visit IDG.net
Story copyright 2006 International Data Group. All rights reserved.


Print this Story Send Us Feedback E-mail this Story Digg! Digg this Story Slashdot this Story

Blogs

"It's IT Blogwatch: in which Grisoft, maker of the AVG anti-virus package, backs down in its attempt to DDoS the..." Read more...
Read more Security posts or See all Blogs

Google gives away home-cooked Web application security scanner
HP eyes move of support facilities out of Colorado Springs
Microsoft trumpets security additions in upcoming IE8
More top stories...
How much is too much? Upgrade your notebook without going over the line
French ruling on counterfeit goods could have far-reaching effects for eBay
Apple cuts price of high-end SSD MacBook Air by $500

This old laptop: Revitalizing an aging notebook on the cheap
All it takes is a couple hours and about $125 to breathe new life into an old laptop. Here's how.
Bill Gates moves on
Is Microsoft's Golden Age over? What are Gates' most memorable quotes? Find out in Computerworld's complete coverage of the end of the Bill Gates era at Microsoft.
Five things you should never tell your boss
There are some things your CIO definitely doesn't want to hear. Also don't miss the flipside, Five things you should always tell your boss.
Hands-On: Firefox 3 fixes what's broke and keeps what's right
With its latest version, Mozilla's browser continues to raise the bar for what Web browsers should be.

FROM THE BLOGOSPHERE

Windows Vista A to Z
Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS.
IT Careers 2010
Four years from now, the IT field will be a vastly different place. Will you be ready?
All Zones
Application Performance Zone
Business Continuity Zone
Data Center Management Zone
Enterprise-Class Security Zone
The File Data Management Zone
Grid Computing on Windows Zone
Security Management Zone
ITIL Best Practices Zone
The SAS Zone
Storage Virtualization Zone
Business Intelligence and Analytics Zone


Ads by TechWords

See your link here
Why SaaS is Vital to Email and Web Security
Why SaaS is Vital to Email and Web Security
Download this webcast, free, compilments of Webroot Software
Go to the webcast 
Computerworld Executive Bulletin: Building a Robust Antivirus Defense
Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs.
(Source: MessageLabs) Antivirus software alone isn't enough to prevent today's speedy, sophisticated virus attacks. Security managers should consider multitiered approaches that include behavior scanning, appliances that check e-mail for worms, and restricting user access to dangerous Web sites. Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs, to learn more.
Download this executive briefing download
Eliminate SPAM, Gain Productivity
Get this white paper now!
(Source: MessageLabs) Learn all about the dangers and the costs of spam in all its forms - from stock-touting to spreadsheet. Also, understand the drawbacks of traditional hardware- and software-based defenses - and the unique benefits of MessageLabs multi-layered, managed Anti-Spam solution; as illustrated by a real-world case study where MessageLabs stopped spam cold.
Download this white paper go
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
Deploying Virtualized NetWare on Linux Whitepaper
Toward More Flexible, Next-Generation Collaboration Solutions
Driving Business Success Through Workgroup Choice and Flexibility
View more whitepapers 

About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDG Connect IDG World Expo Infoworld
The Industry Standard ITworld JavaWorld LinuxWorld MacUser Macworld Network World PC World Playlist
Copyright © 2008 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.