Early this week, I was once again flooded with email messages about the Nimda virus, ranging from my antivirus software provider's announcement about a new Nimda variant to messages explaining how uninfected Web servers can still spread the infection. By now, I'm sure that all my readers are taking every prophylactic measure they can to prevent infection of their computer systems, and I've received requests for additional checklists that users can use to make sure that every system is as secure as possible.
The good news is that Microsoft is finally getting into the act by launching its Strategic Technology Protection Program (STPP). Initially, the STPP represents Microsoft's commitment to improve the security of its products and to provide tools customers can use to ensure this security. I wonder whether Gartner's recommendation that users drop Microsoft IIS motivated this Microsoft security effort. Details of the program are available here and include links to the online Microsoft Security Toolkit, where you'll find step-by-step guides to securing client and server systems.
The guides show that you need to do a lot of work to secure your systems, even if your goal is to secure only your Windows 2000 Professional clients. (Windows XP is not included on this site. I presume Microsoft will add XP when the OS officially launches October 25.) The most crucial piece of the security-protection model is Step 5: Ongoing Maintenance Program. After you secure your systems, you need to realize that the protections you apply today are good only until someone finds a new way to break them. Following a rigorous, ongoing maintenance process is the only way to assure yourself that you're as up-to-date as possible in keeping your computers secure. Getting your systems to a comfortable security level and keeping them there isn't going to be a fun task, but it's an essential one.