Microsoft Unveils New Security Tools and Security Vendor Consortium

by Alex Woodie

Microsoft chief executive Steve Ballmer last week announced plans to release a new product called Client Protection that's designed to protect business desktops, laptops, and file servers from spyware, "rootkits," viruses, and other means of committing computer crimes and vandalism. Ballmer also announced the creation of a new consortium called the SecureIT Alliance, which will be aimed at helping security software vendors like VeriSign, Trend Micro, and Symantec work more closely with Microsoft to improve security.

Microsoft desperately wants to be seen as a company that "gets" security, and it's apparent the company is making progress in that area. Last summer's release of Windows XP Service Pack 2 (SP2) and this spring's release of Windows Server 2003 SP1 proved that Microsoft will pull out the stops--even delay the future version of Windows codenamed "Longhorn"--to make incremental improvements in the security of its products. While achieving progress, Microsoft still has a long and challenging road ahead of it to improve the security of its products.

"We're investing heavily in security because we want customers to be able to trust their computing experiences," Ballmer said last week from Munich, Germany. "With the continuing onslaught of malware, viruses, phishing attacks and other kinds of Internet fraud, creating a more secure computing environment requires a concerted, long-term effort on the part of all technology companies, as well as customers and governments."

To that end, Ballmer unveiled Client Protection, which the company is heralding as a "milestone" in its security work. According to Mike Nash, vice president of Microsoft's Security Business and Technology unit, the new Client Protection will combine "strong anti-spyware tools, comprehensive virus protection, and centralized management," backed by a "global malware-research system" staffed by Microsoft and its partners. The software will work with Active Directory and Windows Server Updates Services (WSUS).

Microsoft didn't say it, but Client Protection will likely make use of the anti-virus and anti-spyware technology it acquired from GeCAD Software in 2003 and Giant Company Software in 2004. However, you can't buy Client Protection yet, as the product is still in development. A beta program is scheduled to start by the end of the year, Nash says.

While Microsoft's R&D team in Redmond works on Client Protection, its executives have been busy lining up support for the SecureIT Alliance, a new program designed to unite Microsoft with computer security organizations as a preparation for combating emerging threats.

The SecurIT Alliance will unite and expand upon other security programs that Microsoft has helped create, including the Virus Information Alliance and the Global Infrastructure Alliance for Internet Safety. The SecurIT Alliance Web site, www.secureitalliance.org, will go live later this year with resources and tools available to the security community, Microsoft says.

There are 30 founding members of the SecurIT Alliance, including Computer Associates. Sam Curry, vice president of security management for CA, says users need more than just tools to fight security threats, and the new group is just the ticket. "This collaborative effort brings together key players with a sufficient critical mass to make a difference," Curry says. "Vendors need to work together and be more coordinated to enable better standards, better management, and better risk mitigation for all."