KC Lemson

By KC Lemson [MS]

Blogs

Microsoft Progress Report: Security

  • Comments 3
  • Likes

Bill sent out an e-mail today to a whole bunch of people, and I wanted to highlight some of the Exchange-related parts of it:

Exchange Edge Services: This new technology addresses the evolving security problems associated with Internet email. Exchange Edge Services is designed to block incoming or outgoing malicious email and junk mail, defend against email server attacks and email-borne viruses, and encrypt messages to optimize for security. It is also designed to provide a foundation on which third-party developers can build technologies such as next-generation email filters, email encryption products and email compliance solutions.

...

Windows Update Services, an evolution of Software Update Services 1.0 (SUS), is a major step forward in Microsoft's patch and update management strategy. A free component of Windows Server, Windows Update Services gives IT administrators a seamless update, scanning and installation capability for Windows servers and desktops. New features include the ability to provide customers with additional automation and control that reduces interruption when updating systems, and expanded functionality to update SQL Server, Exchange Server, Office 2003 and Office XP, in addition to Windows. It is currently in beta and scheduled for release in the second half of 2004. For consumers, we are also complementing Windows Update with a new service to automatically keep consumers up to date on a broader set of Microsoft products beyond Windows. This new service, called Microsoft Update, will be available later this year.

..

The security development processes we instituted prior to releasing Windows Server 2003 last year are a prime example of where this effort is showing results that benefit customers. The number of "critical" or "important" security bulletins issued for Windows Server 2003, compared to Windows 2000 Server, dropped from 40 to 9 in the first 320 days each product was on the market. Similarly, for SQL 2000, there were 3 bulletins issued in the 15 months after release of Service Pack 3, compared to 13 bulletins in the 15 months prior to its release. With Exchange 2000 SP3, there was just 1 bulletin in the 21 months after its release, compared to 7 bulletins in the 21 months prior.

..

Spam Tools: Because viruses, worms and other malicious code often spread via spam, Microsoft is waging a multi-pronged anti-spam effort. Last November, Microsoft announced SmartScreen Technology, a filter used in our client and online email programs. It gets progressively "smarter" as email users train the filter to identify unwanted spam. Last month, Microsoft unveiled a pilot implementation of Caller-ID, a technology that authenticates the origin of email, much like telephone Caller-ID. On the enforcement front, meanwhile, the company took 66 legal actions last year against spammers worldwide.

Personally, I am really looking forward to Microsoft Update, I think that it is a big step forward.

Comments
  • I think WUS/MS Update is how it should have been from the start.

    Im also looking forward to getting my hands on a beta of Exchange edge services (hint hint ;)

  • Also interesting was another blog i read just before this, from jupiter research - http://www.microsoftmonitor.com/archives/002615.html, where it talks about "different methods of counting". I wonder if Bill/PR/someone wants to clarify???

    Oh, and i cant wait for one update service to seamlessly update, without reboots. (ok, not asking much here :) I realise how hard this is to implement)

  • Matt - that's a good point, it is due to the different classification of security issues. I pinged Mike Howard about this, and he said he will be updating his blog with this info as well: http://blogs.msdn.com/michael_howard/