• 10/24/2003
    5:00 AM
  • Network Computing
  • News
  • Connect Directly
  • Rating: 
    0 votes
    Vote up!
    Vote down!

Microsoft Makes Another Security Pledge

The company will now send out monthly, rather than weekly, patches.
As we've stated time and again, securing the perimeter is not the way to go. Rather, you should concentrate on securing your most important assets. We made the case for asset-based security in January and February of this year. Securing the perimeter is about closing off all incoming connections. Congratulations, you've solved ... nothing. Perimeter security doesn't guard against Internet Explorer exploits, e-mail exploits via Outlook, internal attacks or socially engineered attacks. Firewalls aren't mystical boxes that magically keep out the bad people. The perimeter is huge and full of entry points. Remote laptop users can bring a virus or worm into an organization behind the firewall next time they come into the office or connect over a VPN. Securing the perimeter is helpful, and educating users on how to do it is noble, but Microsoft should focus on making its products secure and bug-free.

The move to monthly patch releases is intriguing. I know many will argue against it, but monthly releases will be easier for enterprises to work with, assuming that people actively patch and the vulnerability isn't disclosed until a week or two after the patches are available.

Post a comment or question on this story.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.

Log in or Register to post comments