Microsoft customers tell Rick Devenuti, corporate VP of IT: "Microsoft tells us lots of things but you don't tell us what's really important." They also tell him: "Microsoft's comments are very descriptive. Be more prescriptive" on how to set up new software or make a system more secure.
Devenuti recounted those two comments as among those he's encountered most frequently as he talks to customers about how to improve security.
As part of its effort to be more prescriptive, Microsoft has staged a series of "summits" around the country to advise customers on how to implement greater security in the Microsoft portion of the enterprise infrastructure. Devenuti made the last stop of the tour on Tuesday in San Francisco, where he advised several hundred customers at the Moscone Center that they would gain a stronger perimeter if they standardized on Windows Server 2003 for their Web servers, mail servers, and other gateways into the company. During its first 12 months, Windows Server 2003 had only 13 Security Bulletins issued on problems with the operating system, compared with 43 in the first 12 months of Windows 2000, he said.
Earlier this month, Devenuti noted, Microsoft upgraded its Windows XP client operating system by issuing Service Pack 2 with an improved Windows Firewall, which had previously been shut off by default. Such was the case even inside Microsoft, and Devenuti said he and other employees questioned why the firewall was shut off as the Blaster worm spread through companies in 2003. If the firewall had been easier to activate, Blaster would have encountered more barriers to its spread.
Service Pack 2 for Windows XP includes a Security Center that quickly tells the user whether the firewall is off or on and gives the user the means to turn on desired features. It also provides an attachment manager that protects against potentially malicious E-mail, and it includes a blocker for pop-ups and other code downloaded into Internet Explorer.