March 2007 - Posts
March 21, 2007
Surprise, Microsoft Listed as Most Secure OS
By Andy Patrizio
UPDATED: Microsoft is frequently dinged for having insecure products, with security holes and vulnerabilities. But Symantec (Quote), no friend of Microsoft, said in its latest research report that when it comes to widely-used operating systems, Microsoft is doing better overall than its leading commercial competitors.
The information was a part of Symantec's 11th Internet Security Threat Report. The report, released this week, covered a huge range of security and vulnerability issues over the last six months of 2006, including operating systems.
The report found that Microsoft (Quote) Windows had the fewest number of patches and the shortest average patch development time of the five operating systems it monitored in the last six months of 2006.
During this period, 39 vulnerabilities, 12 of which were ranked high priority or severe, were found in Microsoft Windows and the company took an average of 21 days to fix them. It's an increase of the 22 vulnerabilities and 13-day turnaround time for the first half of 2006 but still bested the competition handily.
Red Hat Linux was the next-best performer, requiring an average of 58 days to address a total of 208 vulnerabilities. However, this was a significant increase in both problems and fix time over the first half of 2006, when there were 42 vulnerabilities in Red Hat and the average turnaround was 13 days.
The one bright spot in all of this is that of the 208 Red Hat vulnerabilities, the most of the top five operating systems, only two were considered high severity, 130 were medium severity, and 76 were considered low.
Then there's Mac OS X. Despite the latest TV ads ridiculing the security in Vista with a Matrix-like Agent playing the UAC in Vista, Apple (Quote) has nothing to brag about. Symantec found 43 vulnerabilities in Mac OS X and a 66 day turnaround on fixes. Fortunately, only one was high priority.
Like the others, this is also an increase over the first half of the year. For the first half of 2006, 21 vulnerabilities were found in Mac OS X and Apple took on average 37 days to fix them.
Bringing up the rear were HP-UX from Hewlett Packard (Quote) and Solaris from Sun (Quote). HP-UX had 98 vulnerabilities in the second half of 06 and took 101 days to fix them. Sun, though, really dragged its feet, taking on average 122 days to fix 63 vulnerabilities. It wasn't doing much better in the first half of 06, either. It took 89 days to fix 16 vulnerabilities.
Alfred Huger, vice president of engineering for Symantec Security Center, said the real problem is with Web applications, where two-thirds of all vulnerabilities are found. Operating systems are fairly minor, and despite the long time periods, the vendors are doing "an ok job, just not stellar."
The response from vendor's mentioned in the report was mixed. A Microsoft spokesperson issued a statement to internetnews.com that said in part "As a part of this industry, Microsoft continues to adapt to address these threats and continues to work with others in the industry to protect customers as a whole."
Anuj Nayar, manager of Apple's Mac OS X and developer relations, would only say "Apple takes security very seriously and has a great track record of addressing vulnerabilities before they affect you."
Sun specifically disputed Symantec's data and conclusions in a statement emailed to internetnews.com:
"Symantec's data on security vulnerabilities simply does not match Sun's. We can't verify Symantec's sources and consider their report on Sun inaccurate. From 7/1/06-12/31/06 we published 54 Security Sun Alerts, of which 36 were for Solaris - substantially less the 63 Solaris vulnerabilities claimed in the Symantec report. Past analysis of our vulnerability response shows we responded within five days for the vast majority of vulnerabilities, but averages are skewed by a small minority of 3rd party applications (or code) that are included/bundled with Solaris. Sun responds to all reports of security vulnerabilities, and we stand by our reputation and established track record of responding to security vulnerabilities with Sun Alerts and a quick turnaround time for patches.
Analyst Charles King with Pund-IT said Microsoft has had to be aggressive about dealing with security issues because it's such a big target. In that regard, the company has met the challenge.
"I think in a way that a culture of having been under attack for a decade or more has led to the company taking a very proactive approach to fixing those problems," he told internetnews.com. "In the last 24 months, they've taken a very aggressive stance toward the security of their system. In review after review of Vista, despite its faults, the security of the system has been considerably better than XP."
By contrast, King said there have been complaints in the past about Apple's lack of response to security issues. But as the Mac and Linux gain marketshare, they will have to respond much quicker.
"Are the old models of response to security issues going to be able to fly or will those companies start to take some serious publicity hits from these increasing vulnerabilities and a relatively lackadaisical response to fixing those vulnerabilities?" he asked.
Following the field call US Partner Readiness will host our very first Monthly Partner Readiness Call: This new Partner Call is for our valued partners to get first hand up to date information on the latest trainings Microsoft is offering. During this 30 minute conference we will cover current trainings and answer questions from our Partners.
US Partner Readiness Call
Live Web Seminar
3/23/2007
US Partner Readiness Call
Live Web Seminar
4/20/2007
US Partner Readiness Call
Live Web Seminar
5/18/2007
US Partner Readiness Call
Live Web Seminar
6/15/2007
Microsoft calls out to small businesses
New system merges phones, Internet
By DAN RICHMAN
P-I REPORTER
Microsoft Corp. used its second annual Small Business Summit on Monday to introduce a phone system it says is more flexible and easier to use than those typically available to small businesses.
Called Response Point, the system is built using Microsoft software, with hardware from any of three competing companies: D-Link Corp., Quanta Computer Inc. and Uniden Corp.
Microsoft Chairman Bill Gates, who has a strong interest in the knotty problems of voice recognition, appeared in a video introducing Response Point, saying it contains "the best voice-recognition software we've ever developed" and calling it "a major breakthrough."
Microsoft is increasing its focus on phone software to take advantage of businesses moving toward Internet telephony, an area President Jeff Raikes has said will give the company billions in revenue in several years.
Microsoft says it can make phone systems cheaper and easier for businesses large and small.
Response Point Senior Product Manager Jeff Smith said Monday that the system lets callers connect to individuals, departments or anyone with a particular job title by speaking their requests aloud.
Internal users can transfer calls by voice command alone, with no need to press buttons or look up extensions. They can call anyone on their Outlook Contacts list with a voice command, even if their PCs are off.
Because of advances in voice recognition, the system needn't be trained to respond to each user's voice commands, Smith said.
Voice mail can be checked and archived through Outlook e-mail as attached sound files, and optional software on each user's PC allows on-screen identification of incoming callers.
Response Point uses Internet Protocol, or IP, technology, though it works over both IP and conventional phone lines. Each phone has its own IP address, so administrators can freely move and add them. A central unit coordinates which phone is assigned to what user.
The product is going into a second phase of testing in April and is expected to ship later this year. Pricing hasn't been released, but Smith described it as "very competitive."
One preliminary user of Response Point, software maker Iomedex Corp. of Seattle, said the system is straightforward and easy to manage.
"Microsoft is really trying to take customer feedback seriously," said Chris Gale, vice president of sales for the 10-person company.
He said that some handsets had static but that Microsoft has helped the hardware makers address that problem.
About 300 small businesses are expected to attend the five-day Small Business Summit, with another 30,000 tuning into Webcasts, a spokeswoman said.
The event is designed to let owners of small businesses learn the details of new Microsoft products and to meet and question the people behind the products.
David Percelay, executive director of airborne-ambulance service AIRescue, said he and his wife, company founder Dr. Fran Vogler, came up from their Van Nuys, Calif., headquarters to attend the conference.
He said AIRescue wants especially to understand the security and mobility features in Microsoft's new Windows Vista operating system and the latest version of Office for small businesses.
"We think Vista will help us meet some new, very stringent confidentiality requirements for patient records, and we hope mobility features will let us communicate from our fixed-wing aircraft on life-and-death decisions," Percelay said.
Reserve Your Spot: Microsoft Licensing Bootcamp for Resellers
Can YOU have a whiteboard discussion with your customers and educate them on the best way to apply technology to solve their business problems? GREAT. What about MICROSOFT LICENSING? Our most successful VARs are using licensing as a vehicle to sell more services, rather than as solely a commodity line item.
Join special guest, Beth Ebert, MICROSOFT LICENSING SPECIALIST for this half-day bootcamp, offered only to New England Resellers. Due to popular demand, it’s nothing but licensing. Bring your questions & expect a LIVELY discussion. This bootcamp will help build your capabilities in the areas of Open License, Open Value and Financing Options.
WE EXPECT A WAITING LIST: REGISTER NOW
May 10: Farmington, CT (Link Farmington, CT to http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032331659&culture=en-US)
May 2: Burlington, MA (Link Burlington, MA to http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032334626&Culture=en-US)
Some Questions on DST that I have had.
Q.I think I have a DST problem that I need to get fixed. Can I call someone for help?
A. Yes! If you are a Premier customer (you will know if you are) call 1-800-936-3100. If you are not a Premier customer call 1-800-MICROSOFT (1-800-642-7676)
Q. I don't know if I will be impacted by this or not. How can I find out?
A. We have a DST Help and Support Center that helps you to get answers based upon what kind of computer user you are.
Q. I would just like to get up to speed on what might happen with the changes. Where can I get more information?
A. We have some technical chats and webcasts that are available on-demand to help. More Info Here.
Q. We use Exchange and Outlook and have heard there could be some issues with appointments in the Outlook calendar. Is there a fix?
A. Yes! Check out this KB article on what the fix does and how to obtain it. *PLEASE* read the KB article before taking any action! AND make a BACKUP!