InfoWorld Home / Security Central / Security Adviser / Pigs fly! Microsoft leads in security
June 19, 2009

Pigs fly! Microsoft leads in security

Microsoft's success with Security Development Lifecycle has security experts buzzing and offers lessons -- along with a heap of free resources -- for your company

| Print | 8 comments|
955 Recommendations

Talk about a turnaround. It's always hard to recognize the larger, slow-moving paradigm shifts as they happen. But after a decade of bad press regarding its commitment to software security, Microsoft seems to have turned the tide. Redmond is getting consistent security accolades these days, often from the very critics who used to call it out. Many of the world's most knowledgeable security experts are urging their favorite software vendors to follow in the footsteps of Microsoft.

Haters will always continue hating, but the technical press is giving a lot of favorable coverage to Microsoft's successful efforts to make itself a computer software security leader. Here are some recent examples:

"Microsoft for a long time rightly got a bad reputation for insecure products. However, as an industry we should recognize the sea change in Microsoft's approach to security, of which this [Microsoft's plans to share its Security Development Lifecycle process components] is just one example, and encourage other vendors to follow Microsoft's lead." -- SANS NewsBites

[ Roger Grimes lays bare two of the most vulnerable components of Internet security: software and Web browsers | Learn how to secure your systems with Security Adviser newsletter. ]

"Microsoft becomes high priest of secure software development." -- CNET

"When I first started writing about information security five years ago, all a writer had to do was mention Microsoft in the same headline space as 'security vulnerability' to strike page-view gold. In 2004 Microsoft was a couple years into its Trustworthy Computing Initiative but it remained the software company IT security practitioners hated with glee.... That's not so much the case today." -- Computerworld

"'This [Windows 7 new memory protection] is smart,' said Charlie Miller, who as principal analyst at Independent Security Evaluators has successfully exploited weaknesses in Windows, OS X, and Linux. 'I think they're [Microsoft] trying to stay ahead of the curve.'" -- The Register

Related Content...

White Paper

D2D Virtual Tape Library Replication Primer

This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.

Download now »

White Paper

An Alternative to Virtualization for Datacenter Cost Savings

Server virtualization is a popular option for dealing with mounting datacenter costs. Another equally promising approach is the use of an Application Delivery Controller. Citrix NetScaler provides a low-cost way for organizations to reduce their server count and accrue cost savings from a reduction in space, cooling, power and personnel.

Download now »

White Paper

Why Your Firewall, VPN, and IEEE 802.11i Aren't Enough to Protect Your Network

The emergence of WLANs has created a new breed of security threats to enterprise networks.

Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation

Download now »

White Paper

Bringing the Edge to the Data Center

Effectively address data protection challenges, implementing solutions that help store and protect business–critical data while cutting costs and improving efficiency and reliability.

Download now »
7 of 8 comments
Sign In or Register to comment
amercer 19-Jun-09 8:44am
Roger wrote regarding Microsoft's changes: "Now it has become a model for many other popularly attacked products, and vendors not using a regularly scheduled patch period are being asked to get on board by their customers." I couldn't agree more but would ask even more, that other vendors work with Microsoft to develop a enterprise patch management and delivery system similar to WSUS or build upon WSUS to allow deployments of patches other than Microsoft's own.
cmaurand 19-Jun-09 9:56am
What have you been smoking? ActiveX is still there in all of their products and all of the malware and virus problems rely on ActiveX. As long as ActiveX is there, Windows will have major troubles.
jerrylombardo 19-Jun-09 3:05pm
1 reply
It's about time someone noticed that MS has a secure platform to offer. Now when will someone notice that Apple also wants you to type a password - even when installing system updates?
rbert16000 25-Jun-09 6:53am
1 reply
Right on... Just another thing MS is copying from Apple.
rbert16000 25-Jun-09 6:54am
OSX has been doing this for years.
Devarie 24-Jun-09 9:10am
Nice article although fells like another derivative of the media and malinformed hype regarding security on MS products. The media has made its dent in ridiculing MS attempts to security with the "alow or deny" ads brought up by Apple but as "lombardo" says above, those who use Macs also know that they ask for passwords and so does Linux. Now, not trying to cover the sky with one hand, there is something to be said about a popular applications such as those produced by MS, as the malicious developers strive to maximize their gains. Why would they go after Mac or Linux? Anyways, I am glad that someone is kind of pointing out that MS has secure products it is just that it gets painted as if the other products aren't vulnerable. I wonder what kind of structure where those large enterprises that became victims of malicious attacks running. I wonder how many had redhat or mac or Suse etc as their front ends. Yes, MS blows, but is there anything substantially better out there?
rbert16000 25-Jun-09 6:52am
HEAP is right! Why cant they get it right and make it so! As long as they use snippets, there will be hackers to exploit them.

Sign up to receive InfoWorld Resource Alerts

Subscribe to the Today's Headlines: First Look Newsletter

Find out what will be news for the day, with our first-thing-in-the-morning briefing.

White paper

Log Management: How to Develop the Right Strategy for Business and Compliance

This white paper provides guidance on how to develop a strategic approach to managing and monitoring logs, a key function required for compliance with many regulatory mandates and a critical defense against security threats.

Download now! »

White paper

The Essential Series: Security Information Management

Learn about the processes and technologies that support security information management (SIM) operations, as well as the business case for SIM. The series examines different options for implementing SIM and gives you evaluation criteria for selecting the best option for your organization.

Download now! »

White paper

Aberdeen: Choosing and Consuming Managed Security Services

Learn the strategies, actions, and capabilities that Best-in-Class organizations employ and technologies they choose to obtain superior performance against various security performance metrics. This report provides guidelines for identifying which security solutions to consume as a MSS and defines best practices for choosing and managing MSSPs.

Download now! »
©1994-2009 Infoworld, Inc.