Selling Microsoft's Security Story
The Trustworthy Computing initiative has brought significant improvements to some of Microsoft's technologies. Be sure you're taking advantage of them.
- By Daniel Schaan
- July 01, 2005
When I ask clients and peers what they think of Microsoft's Trustworthy
Computing effort, I get a range of responses. Some offer an affirming
nod, others a shrug or cynical laugh. "I like what they've
done so far," some say, although one client not long ago said,
"What's that? Never heard of it."
The latter response is the one I least like to hear because it
reinforces how much work remains to be done in educating customers
about security. It's been three years since a Microsoft white paper
declared the company had "elevated security to the top priority
for the company." During that time, Microsoft has made significant
progress in its Trustworthy Computing initiative, particularly with
the release of Windows XP Service Pack 2.
Let's start with features delivered in Windows XP SP2, which collectively
provide better protection against viruses, hackers and worms:
- Windows Firewall—Turned on by default, the built-in
Windows Firewall helps increase computer security and reduce the
risk of network and Internet-based attacks as soon as you start
up your computer.
- Attachment Manager—Monitors and disables potentially
unsafe e-mail attachments, which could contain viruses that might
spread through Internet Explorer, Outlook Express and Windows
- Automatic Updates—Helps users automatically stay
current with the latest updates for the operating system.
- Outlook Express Privacy Update—Helps reduce unwanted
e-mail by limiting the possibility of your e-mail address being
validated by potential spammers.
- Windows Security Center—Tells users whether key
security functions, including the Windows Firewall, Automatic
Updates and Virus Protection, are up to date and working property.
In January, Scott Charney, Microsoft's vice president of Trustworthy
Computing, reported that 140 million copies of XP SP2 had been distributed
since its release seven months earlier. That goes a long way toward
making all of us safer.
Microsoft has also delivered other numerous, useful technologies
that can prove valuable in helping secure customer IT infrastructures.
- Windows Server 2003 SP1—SP1 provides enhanced security,
increased reliability and simplified administration. A central
component of the Windows server operating systems, the Active
Directory service provides the means to manage identities and
- Internet Security and Acceleration (ISA) SP1—ISA
SP1 provides advanced stateful packet and application-layer inspection,
and helps protect organizations of all sizes from attack by both
external and internal threats.
- Windows Update—Helps keep computers up to date.
It scans client machines and provides a tailored selection of
updates that apply only to the items on the computer.
- Office Update—Similar to Windows Update, this online
extension of Office helps keep Office 2003, Office XP and Office
2000 products up to date with the highest levels of security,
stability and critical functionality available.
- Baseline Security Analyzer 2.0—A free vulnerability
assessment tool for Windows, designed for IT professionals.
- Systems Management Server 2003—Microsoft's strategic
solution for change and configuration management of Windows-based
systems. This includes deploying operating system images, managing
mobile devices and easing management-tool operations.
Trust is earned—day in, day out—and should never be
assumed or taken for granted. Users trust IT administrators, and
administrators must believe in and trust the tools and products
Since 2002, Microsoft has come to more fully realize just how important
safe and trustworthy computing is to people and businesses. It has
made real improvements for the better in both its corporate culture
Let's take advantage of them, and prevent some user heartache down
the road. As a close friend of mine in law enforcement often says,
"If I have to show up at a crime scene, I'm already too late."