It may be difficult to realize it, given the almost daily security warnings and virus threats, but it turns out your computer is a lot more secure today than a year ago thanks to your friendly neighborhood software giant.
That’s right, Microsoft declared at the Black Hat conference in Las Vegas Monday that the industry has made significant progress in defending against online threats, thanks to a number of initiatives it introduced a year ago, in cooperation with industry partners.
To recap, at last year’s Black Hat conference (an annual gathering of security experts), Microsoft announced three new programs – the Microsoft Active Protections Program (MAPP), Microsoft Exploitability Index, and the Microsoft Vulnerability Research (MSVR) program. The MAPP and MSVR programs are both aimed at increasing industry collaboration to both raise the alarm when new threats are discovered and to more rapidly deliver fixes. The exploitability index is designed to help customers prioritize deployment of security updates based on the likelihood of a security hole being exploited.
Microsoft says the programs have proven to be successful in drawing the industry together to anticipate and respond to new threats. As of this month, 47 partners had joined the MAPP program. More importantly, the company says the attack window – the race between when an exploit has been discovered and when protection is available – has been dramatically reduced, in some instances by as much as 75%.
At the Black Hat Conference Microsoft announced further enhancements to its security efforts. The company unveiled a new application called the Microsoft Office Visualization Tool. The tool provides a visual representation of the Office binary file, designed to help programmers understand how an attack targets Office applications. Microsoft claims most attacks target applications rather than the underlying operating system, and that in the second half of 2008 almost half of all attacks were against applications rather than the OS.
The company also announced an endeavor called Project Quant, an online resource to provide enterprise users with a means to estimate the cost of a patch update. Finally, the company announced the availability of a downloadable Microsoft Security Update Guide that explains the security update process.
All of these various initiatives announced by Microsoft are welcome and are definitely steps in the right direction. Most consumers and enterprise users, however, just wish the software they rely on to run their businesses and manage their communications and personal information were more secure in the first place.
Only registered users can write comments. Please login or register.