Mike Nash, Microsoft’s top security guru said in an online chat session yesterday that Microsoft was “making progress on security using any reasonable metric.”and compared Window’s flaws to those in Red Hat and SuSE. “Even with the relatively large number of bulletins we released this week, we compare favorably,” he said. “Year-to-date for 2005, Microsoft has fixed 15 vulnerabilities affecting Windows Server 2003. In the same time period, for just this year, Red Hat Enterprise Linux 3 users have had to patch 34 vulnerabilities and SuSE Enterprise Linux 9 users have had to patch over 78 vulnerabilities.”
TechWeb has a complete article on the comments, they bring up several points from the chat. “Nash also repeatedly said that it would be important for Microsoft to tie its various security tools together in the enterprise. “We do think that there needs to be a management capability to allow enterprises to both control and monitor their security technologies like anti-spam and anti-virus,” he said. “We’re currently working through specific requirements.”
In a final note, Nash said that Windows AntiSpyware, the tool acquired during its December 2004, purchase of Giant Company Software, will go through at least one more beta version before it’s released. In related news, Microsoft’s anti-spyware product has been targeted by virus writers, in what experts believe is the beginning of what will be a salvo of malware attacks on Microsoft security products.
As other Microsoft executives have said in the past, Nash wouldn’t reveal whether AntiSpyware would continue to be offered free (as the beta is now), or whether fees would be charged. “We have not yet finalized the packaging/licensing, but will communicate that as soon as it’s determined, so stay tuned,” he said.