Microsoft Tries to Buckle Down Windows

Hacker attacks and viruses are the hobgoblins of Windows systems--and they spook IT buyers. At the RSA Conference on computer security in San Francisco Monday, Microsoft execs said they plan to banish some of those problems by expanding their patch-distribution service, enabling better antivirus scans of Windows apps, and cracking down on E-mail-borne viruses.

During the next year, Microsoft execs say, the company plans to release a second version of its Software Update Services--which lets systems administrators download and apply Windows patches--that can distribute patches for additional Microsoft software, including Office, Exchange Server, and SQL Server.

The company also plans within a year to release a complement to its Windows Update service that can patch products such as Office. Windows Update service lets consumers and small-business users download operating-system patches from Microsoft.com.

New attacks against Microsoft server products helped spur release plans, says Mike Nash, a corporate VP in charge of Microsoft's security unit. "The work we did in response to Code Red and Nimda for Windows was spot on. But Slammer demonstrated the need for more," he says. The Slammer worm this year attacked thousands of computers running Microsoft's SQL Server database software that hadn't had a months-old patch applied.

Microsoft also said it's working on better antivirus scans of applications. In conjunction with software vendors Computer Associates, Network Associates, Symantec, and others, Microsoft is developing what it's calling the Windows File System Filter Manager Architecture, which could let antivirus software written to a proposed spec scan apps each time data is moved in or out of them instead of just when they're opened or closed.

In other developments at the RSA Conference, Microsoft said:

- Independent software vendors will receive a software development kit "shortly" for Windows Rights Management Services, an upcoming add-on to Windows Server 2003 that can attach digital rights to documents and E-mail messages.

- Exchange Server 2003, due as early as June, will include an updated virus-scanning API (version 2.5) that can kill infected messages at companies' gateway servers, before they reach Exchange's message store. Microsoft's new E-mail software will also include the ability for anti-spam software to make more-nuanced guesses about which messages are spam, granting E-mail administrators more control over what's blocked, Microsoft says.

- Microsoft's "Next Generation Secure Computing Base" technology--a.k.a. Palladium--could add to the cost of systems, though likely "not much," says group product manager Mario Juarez. Microsoft plans to release additional white papers on its plan for Windows technology and new PC circuitry to better secure application software at its Windows Hardware Engineering Conference in New Orleans next month. Test code could be available by the end of the year, Juarez says.