Prompted by user demands that it respond more proactively to bugs in its software, Microsoft has implemented a new list server that will notify businesses immediately of security flaws in all Microsoft software.
Users can subscribe to the Microsoft list server free of charge by registering on Microsoft’s World Wide Web page at www.microsoft.com/security, said Karan Khanna, security product manager for Windows NT.
Although list servers to disseminate security flaws aren’t unheard of, the fact that Microsoft took this action now underscores that the Redmond, Washington, software company is grappling with an ever-increasing array of software glitches.
In the past month alone, BugNet, an online service in Sumas, Washington, devoted solely to publicising security alerts, has posted 124 bug alerts on Microsoft products.
“No other vendors even come close. And Microsoft has sometimes been lax about notifying users of a problem and getting the fix out,” said Bruce Brown, editor and publisher of BugNet.
Neil MacDonald, an analyst at Gartner Group, agreed, but noted that Microsoft’s track record has gotten better in the past year. “Two years ago, I gave them very poor grades for bug responsiveness. They’re better now but can still use improvement. The list server should help get the word out more quickly,” MacDonald said.
“I hope so,” said Phil Easter, technology strategist at Greyhound Lines, Inc. in Dallas. “Like everyone else, we have a good amount of Microsoft software, and if there’s a bug, I want to know about it right away. We don’t take chances with network security.”
MacDonald attributed the increase in glitches in Microsoft products at least partly to the fact that the company’s software code — especially for the Windows NT operating system — is growing fatter and more complex.
“The more code you have, the more likely you are to have bugs. And Microsoft’s code is growing. The current NT 5.0 beta is about 32 million lines of code. And in the past, Microsoft has even shipped buggy service packs, which are supposed to provide fixes for the bugs in its software,” MacDonald said.
Separately, Microsoft posted a fix to its Internet Information Server Versions 3.0 and 4.0 last Thursday that closes a security hole. Without the fix (at www.microsoft.com/security), scripting information on a Web server is accessible to anyone via Web browsers, which could help hackers enter the server, BugNet reported.