Microsoft to Automate Windows Security

Microsoft to Automate Windows Security

Microsoft Corp. plans to release a new version of its popular Windows XP software that automatically downloads and installs software patches onto personal computers, one of the company’s most aggressive moves to promote Internet safety.

Starting in mid-2004, Windows XP customers will be able to download a new “service pack” that includes the automatic installation function. The software also will include a stronger Internet firewall, new protections against computer viruses and software that blocks Internet pop-up advertising.

The upgrade is meant to make it easier for the millions of home computer users who surf the Internet but are not computer security experts.

Security is not something most computer users think about unless there is a computer worm or other high-profile threat going around, said Neil Charney, Microsoft’s director of Windows product management. With the upgrade, customers give their consent once and Microsoft will download and install patches for them, he added.

The software is one of the first fruits of the “secure computing” project that Microsoft Chairman Bill Gates launched in January 2002 in response to charges that the software maker was sacrificing security in favor of user-friendly features that hackers could easily exploit.

It is also designed to get security patches installed on Microsoft computers before hackers can figure out how to take advantage of software holes. Microsoft regularly releases software fixes for security flaws but those same fixes can provide hackers with a blueprint for attack. Hackers usually figure out how to take advantage of a security hole within weeks after the patch is released — and that time period is shrinking.

One would think that this would also create an amazing new vulnerability? Still, Microsoft has to do something, I suppose. I’ve been autofed security updates several times over the past few days. Indeed, it’s getting nigh unto ridiculous. If it weren’t for a massive hard drive–not to mention a broadband connection– all these updates would really eat into system resources.

Switching to a Mac, the oft-suggested solution, only works to the extent not many people do it. Surely, it’s not so much that Macs are inherently safer but rather that there’s not much mischief in infecting half a dozen computers with a virus.

FILED UNDER: Science & Technology
James Joyner
About James Joyner
James Joyner is Professor and Department Head of Security Studies at Marine Corps University's Command and Staff College and a nonresident senior fellow at the Scowcroft Center for Strategy and Security at the Atlantic Council. He's a former Army officer and Desert Storm vet. Views expressed here are his own. Follow James on Twitter @DrJJoyner.

Comments

  1. Mark Hasty says:

    Ooh . . . nice last line in that post.

  2. bryan says:

    I’ll gladly be among the half dozen who aren’t infected, thank you very much. As well, I don’t have Bill Gates stuffing more poorly designed software down my throat.

    “Popular windows XP software.” Heh.

  3. John A. Kalb says:

    So far as I can tell, this isn’t really news. You can already switch auto updates on in Windows XP. I personally just set my computer to tell me when there are updates, and I go get ’em.

  4. Don’t be snarky, Dear. I have it on good authority that there are at least ten of us in America.

  5. Paul says:

    Actually James has a hyper geek I can tell you the Mac is inherently more secure. In an effort to obtain interoperability (*cough* and a monopoly *cough*) Microsoft sacrificed inherent security repeatedly.

    The security via obscurity thing is a bonus though.

    Besides the security thing though, they just work better.

  6. Mark says:

    While you can turn on Windows Update downloads now, they don’t automatically install, AFAIK. Once they are downloaded, a balloon will pop up telling you that they’ve been downloaded and that you should install them. From the quote here, it looks like these will install themselves. Me, I prefer to do it manually twice a month or so, or if I know a new virus is out and there is a hole to be patched.

  7. dondo says:

    Actually, both are true: there are far fewer Macs, which makes them a less tempting target; and Macs absoluetley are inherently safer. Windows added security as an afterthought; that’s hard to achieve. The Mac (and all other Unix systems) have network security built in as a primary design consideration.

  8. Ross Judson says:

    Macs are somewhat more secure than XP, although XP can be made considerably more secure if its security features are actually used; generally they are not.

    Most operating systems today make a fundamental error — that programs executed by or on behalf of a user should be given the same security privileges as that user. Programs need to be treated as unknown entities, in general, and be restricted from doing anything they are not specifically granted a right to do.

    “Run As” and “suid root” need to become a thing of the past. I should be able to download any program I want from the big bad internet and execute it immediately. The OS should drop it into a secure environment and then deny it any access to resources it is not specifically granted. Generic rights templates can shortcut the situation, but should be used sparingly.

    Your average computer running OS X or XP is an ecosystem most people are unaware of. We need to treat the entities (programs) living in it as individuals…

  9. John A. Kalb says:

    Mark,

    From what I remember, XP Home (I use professional, which will only do what you say) does have an auto-install feature, which annoyed a lot of the privacy folks when XP first came out.

  10. Pushy Pushy
    Over at Outside the Beltway, James is blogging about Microsoft wanting to automate security on new Windows machines. Microsoft has been kicking around this idea for quite a while, but they seem to have made up their minds to implement