InfoWorld Home / Security Central / Security Adviser / Pigs fly! Microsoft leads in security
June 19, 2009

Pigs fly! Microsoft leads in security

Microsoft's success with Security Development Lifecycle has security experts buzzing and offers lessons -- along with a heap of free resources -- for your company

| Print | 8 comments|
955 Recommendations

Talk about a turnaround. It's always hard to recognize the larger, slow-moving paradigm shifts as they happen. But after a decade of bad press regarding its commitment to software security, Microsoft seems to have turned the tide. Redmond is getting consistent security accolades these days, often from the very critics who used to call it out. Many of the world's most knowledgeable security experts are urging their favorite software vendors to follow in the footsteps of Microsoft.

Haters will always continue hating, but the technical press is giving a lot of favorable coverage to Microsoft's successful efforts to make itself a computer software security leader. Here are some recent examples:

"Microsoft for a long time rightly got a bad reputation for insecure products. However, as an industry we should recognize the sea change in Microsoft's approach to security, of which this [Microsoft's plans to share its Security Development Lifecycle process components] is just one example, and encourage other vendors to follow Microsoft's lead." -- SANS NewsBites

[ Roger Grimes lays bare two of the most vulnerable components of Internet security: software and Web browsers | Learn how to secure your systems with Security Adviser newsletter. ]

"Microsoft becomes high priest of secure software development." -- CNET

"When I first started writing about information security five years ago, all a writer had to do was mention Microsoft in the same headline space as 'security vulnerability' to strike page-view gold. In 2004 Microsoft was a couple years into its Trustworthy Computing Initiative but it remained the software company IT security practitioners hated with glee.... That's not so much the case today." -- Computerworld

"'This [Windows 7 new memory protection] is smart,' said Charlie Miller, who as principal analyst at Independent Security Evaluators has successfully exploited weaknesses in Windows, OS X, and Linux. 'I think they're [Microsoft] trying to stay ahead of the curve.'" -- The Register

Related Content...

White Paper

D2D Virtual Tape Library Replication Primer

This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.

Download now »

Trial

Free 30-Day Desktop Virtualization Trial

Download a free 30–day trial and experience how XenDesktop delivers a pristine, on–demand desktop experience to users on whatever device they choose, while cutting IT complexity and costs.

Download now »

White Paper

Why Your Firewall, VPN, and IEEE 802.11i Aren't Enough to Protect Your Network

The emergence of WLANs has created a new breed of security threats to enterprise networks.

Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation

Download now »
7 of 8 comments
Sign In or Register to comment
amercer 19-Jun-09 8:44am
Roger wrote regarding Microsoft's changes: "Now it has become a model for many other popularly attacked products, and vendors not using a regularly scheduled patch period are being asked to get on board by their customers." I couldn't agree more but would ask even more, that other vendors work with Microsoft to develop a enterprise patch management and delivery system similar to WSUS or build upon WSUS to allow deployments of patches other than Microsoft's own.
cmaurand 19-Jun-09 9:56am
What have you been smoking? ActiveX is still there in all of their products and all of the malware and virus problems rely on ActiveX. As long as ActiveX is there, Windows will have major troubles.
jerrylombardo 19-Jun-09 3:05pm
1 reply
It's about time someone noticed that MS has a secure platform to offer. Now when will someone notice that Apple also wants you to type a password - even when installing system updates?
rbert16000 25-Jun-09 6:53am
1 reply
Right on... Just another thing MS is copying from Apple.
rbert16000 25-Jun-09 6:54am
OSX has been doing this for years.
Devarie 24-Jun-09 9:10am
Nice article although fells like another derivative of the media and malinformed hype regarding security on MS products. The media has made its dent in ridiculing MS attempts to security with the "alow or deny" ads brought up by Apple but as "lombardo" says above, those who use Macs also know that they ask for passwords and so does Linux. Now, not trying to cover the sky with one hand, there is something to be said about a popular applications such as those produced by MS, as the malicious developers strive to maximize their gains. Why would they go after Mac or Linux? Anyways, I am glad that someone is kind of pointing out that MS has secure products it is just that it gets painted as if the other products aren't vulnerable. I wonder what kind of structure where those large enterprises that became victims of malicious attacks running. I wonder how many had redhat or mac or Suse etc as their front ends. Yes, MS blows, but is there anything substantially better out there?
rbert16000 25-Jun-09 6:52am
HEAP is right! Why cant they get it right and make it so! As long as they use snippets, there will be hackers to exploit them.

Sign up to receive InfoWorld Resource Alerts

Subscribe to the Today's Headlines: First Look Newsletter

Find out what will be news for the day, with our first-thing-in-the-morning briefing.

White paper

Comprehensive Data Protection for Storage Appliances

With the continuous expansion of data capacity, completing the full cycle of a scheduled scan can be a very time consuming process. Find out how to efficiently secure EMC Celerra with centralized virus scanning, virus pattern file updates, event reporting and antivirus configuration.

Download now! »

White paper

Secure Celerra Environments with Minimal Overhead

A single virus-infected file in a storage system can be responsible for infecting large amounts of data. This white paper details the architecture and product features of Trend Micro's data storage security solution, ServerProtect, and discusses how it has been designed to protect EMC Celerra file servers with minimal overhead.

Download now! »
White paper

Keep Linux Servers Free from Malware

The increase in Linux popularity has increased the frequency and sophistication of malware attacks. Learn how you can protect your Linux environment with real-time protection that is certified by all major Linux vendors.

Download now! »

White paper

Centrally Managed Virus Protection for Windows and NetWare

With the emergence of mixed threat attacks, a failure on a single server can quickly impact the entire network. Learn how a technology that is designed to remove and block infected files on application and file servers prevents the virus from reaching users and keeps your Windows network free from malware.

Download now! »
©1994-2009 Infoworld, Inc.