It's unfair to blame Microsoft for all the world's computer security ills, says a senior Microsoft manager.
And though system vulnerabilities are commonplace, Greg Leake, a marketer in the company's .Net enterprise solutions group, doesn't think organisations should hold back from deploying web services.
Leake was one of numerous Microsoft speakers brought to Auckland from the US last week for the company's Tech-Ed developer conference. .Net, Microsoft's web services offering, was the topic that kept their tongues wagging.
They were able to demonstrate locally created web services that were readily integrated into applications using .Net development tools. And Leake readily deflected criticism that Microsoft software was so open to hacker attacks that web services were too risky for businesses to rely on.
"In some ways the media attention on Microsoft is unfair," says Leake, of the bad press the company has received over the Code Red worm. Code Red, which was rampant earlier this month, exploits a vulnerability in Microsoft's Internet Information Server (IIS), a component of Windows NT.
Leake says such vulnerabilities are a fact of life, and affect other software companies just as they affect Microsoft. But he says the company isn't complacent about the issue.
"It's a huge concern. We have teams that respond on a 24 x 7 basis to security threats, but obviously we need more of a focus on it."
Security threats or no security threats, Leake says commerce is moving online, as proven by the growth of internet banking. He's confident that Microsoft is upping its game on the security front.
"Part of the web services standard is that it be rock solid." ASP.Net, for example, which is part of the .Net family of products, is based on a new authentication model which is "a step up from IIS".
But the surest way of lifting security is to educate IT managers to apply patches before vulnerabilities are exploited, he says.