In an effort to help its customers secure their computer systems and maintain that security, Microsoft yesterday announced a new program called the Strategic Technology Protection Program (STPP).
The program will be implemented in two phases, with the first, Get Secure, launched yesterday and the second, Stay Secure, set to debut within 60 days, according to a Microsoft statement.
The Get Secure phase of the STPP will see Microsoft technical account managers and field representatives working directly with customers to ensure that their networks and computer systems are operating securely, Microsoft said. In addition, the company will offer customers free technical support related to viruses and a Security Tool Kit that includes patches and service packs that address the important security vulnerabilities in Windows NT and 2000, along with the IIS Lockdown tool and documentation. The Tool Kit includes prebuilt configurations for small businesses, end-users and systems administrators, says Dave Thompson, vice president of the Windows Server division at Microsoft. The Security Tool Kit can be downloaded for free and will be available on CD-ROM on October 15, Microsoft says.
The second step of the program will include new security packages made available to customers through the Windows Update website, which will offer one-step security configurations and cumulative patches, Thompson says. Microsoft also plans to offer an automated service that will provide security fixes to enterprise customers as they are made available. This service is set to be ready within the next six months, Thompson says. The service will be free and will offer companies the option to either have the patches automatically applied to their systems, or simply to have them downloaded for later installation, he says.
The company will also expand the scope of its Secure Windows Initiative program, an effort to improve the security of all Microsoft products, the company says. The expanded program will include improving the code in IIS (Internet Information Server -- Microsoft's web server software), and installation of IIS in the more secure lockdown mode by default, it says.
STPP will focus primarily on customers, rather than on technology or patches, because "the next step in the battle against hostile code is focusing on the customers," Thompson says. A focus on customers will lead to making it easier for them to find and apply patches, as well as to secure their systems, he says.
"It's a matter of practically understanding how we can make it easier for everybody (to be secure)," he says. Microsoft has been working on this program for a number of months, he says.
Microsoft software has been at the heart of a number of widespread and serious security incidents over the past few months. Both the Code Red and Nimda worms exploited vulnerabilities in the IIS web server software to further their spread. Those vulnerabilities had been discovered months before the worms attacked. Despite this, and despite the existence of patches to correct those flaws, both worms were able to infect hundreds of thousands of computers.
This, and the cycle of patching vulnerabilities, led the research firm Gartner in late September to recommend that companies drop IIS in favor of other web servers until Microsoft took steps to ensure the security of IIS.
More information about the Strategic Technology Protection Program and the download of the Security Tool Kit can be found at Microsoft.