The Seattle Times Company

NWjobs | NWautos | NWhomes | NWsource | Free Classifieds |

Business / Technology

Our network sites | Advanced

Microsoft Pri0

Welcome to Microsoft Pri0: That's Microspeak for top priority, and that's the news and observations you'll find here from Seattle Times reporter Sharon Chan.

E-mail Sharon| RSS feeds Subscribe | Blog Home| Brier Dudley's Blog

August 5, 2008 9:40 AM

Microsoft rolling out new tools for computer security pros

Posted by Benjamin J. Romano

At a major computer security conference in Las Vegas today, Microsoft is announcing new efforts to characterize computer security threats.

Microsoft regularly issues security bulletins and fixes for its software on the second Tuesday of each month, known as "patch Tuesday." But often, hackers are able to quickly use the patches to engineer attacks before IT departments can implement the fixes.

A new Exploitability Index is designed to help IT pros prioritize those updates. The index will "provide customers with guidance on the likelihood of functional exploit code being developed for vulnerabilities addressed by Microsoft security updates."

Beginning in October, Microsoft will rate whether an exploit of the vulnerabilities it identifies is unlikely or likely. If it's likely, Microsoft will also rate whether an attack could consistently or inconsistently exploit the vulnerability.

Microsoft also plans to alert security software providers ahead of "patch Tuesday," so they can prepare tools that may help customers defend against attacks. Microsoft acknowledged that this effort, known as Microsoft Active Protections Program (MAPP), involves sharing sensitive security information. Software vendors have to apply to become part of the program and meet certain criteria. One of these: "Members may not sell attack-oriented tools." That's good.

Ryan Narine, writing on ZDNet's Zero Day blog, points out that the program still poses "major risk."

"As everyone knows, vulnerability data is big business and the specter of a rogue employee with access to what amounts to zero-day vulnerabilities is a scary thought. What happens if the information flowing through MAPP is being siphoned off and sold to malicious attackers?"

A Microsoft Security manager tells him the company "will tightly lock down access to the program and implement measures to identify potential leaks. Participants in the program must sign NDAs and have a significant enough customer base for protection-oriented software."

Meanwhile, for the non-IT staff, here's a handy reminder from Consumer Reports of what not to do online to keep your computer safe and identity protected.

Digg Digg | Newsvine Newsvine

Submit a comment

*Required Field

Type the characters you see in the picture above.

Recent entries

Aug 6, 08 - 09:29 AM
'Significant' data and storage announcement; buyback talk; Yahoo recount

Aug 5, 08 - 09:40 AM
Microsoft rolling out new tools for computer security pros

Aug 4, 08 - 10:43 AM
Windows Live marketing site gets new look, user-generated content

Aug 1, 08 - 02:09 PM
Yahoo directors re-elected, but shareholders show displeasure

Aug 1, 08 - 01:13 PM
Microsoft news roundup







Sun Mon Tue Wed Thu Fri Sat
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
Browse the archives

August 2008

July 2008

June 2008

May 2008

April 2008

March 2008

Bill Gates: His Legacy, His Future

Bill Gates

Bill Gates, who last week ended his full-time involvement with Microsoft, was often right. He made a career, a company and an industry by looking over the horizon.

From the tech blogosphere

More on Microsoft from the Seattle Times


Buy a link here