Following months of security breaches in several of its key products, Microsoft announced a two-phase initiative this week designed to keep its customers secure from viruses, worms, and other vulnerabilities. Dubbed the Strategic Technology Protection Program, the initiative begins today with a first phased called Get Secure, during which the company will provide a series of short-term fixes to current and evolving security problems. A longer-term solution called Stay Secure makes up the second phase. In this phase, Microsoft will rewrite much of its key software to ensure that the software is as secure and resilient as possible. It's a move that Microsoft's customers say couldn't come quickly enough.
"As an industry leader, Microsoft recognizes it has a special obligation to help ensure the security of the Internet and our customers' data," says Microsoft senior vice president Brian Valentine, who heads the company's Windows Division. "This is a problem that affects the entire industry, but we recognize that there is more work to do. Effective immediately, we are stepping up our efforts with the singular focus of ensuring the security of our customers' networks and businesses. We will not rest until all our customers have what they need to get secure and stay secure."
Under the Get Secure phase of the initiative, Microsoft will release a slew of fixes, information, and related software designed to plug holes in its existing software. This will include a new Security Tool Kit, which provides a security lockdown tool for Windows 2000 Server and Internet Information Services (IIS), the company's Web server, which has been a prime hacker target of late. Microsoft will also work with its customers to ensure that their installed Windows applications and servers are as secure as possible. And the company will offer free phone support to any customer with security concerns. Within 60 days, the company says, it will ship comprehensive security rollup packages via Windows Update. These packages will install in only one step and require just one reboot. And a new version of AutoUpdate, aimed at businesses, will provide corporations with automatic security fixes on the fly.
Under the Stay Secure umbrella, Microsoft will evaluate and, where necessary, rewrite its software to ensure that it's as secure as possible. The next version of IIS, for example, will ship in lockdown mode, so that the security features are set to their highest levels by default. Only through mucking around with the program's settings can an administrator make the upcoming version of IIS less secure. Microsoft says it is also working with key industry and government groups to ensure that the Internet is as secure as possible.