Category: News

The Air Force is consolidating its 38 software contracts and nine support contracts with Microsoft into two all-encompassing, agencywide agreements, according to a statement seen by CNET News.com.

The contract, done in conjunction with Dell, will call for the installation and configuration of software as well as ongoing maintenance and upgrades.

The deal, which includes 525,000 licenses of Microsoft’s Windows and Office, is valued at $500 million over six years, according to Microsoft.

The move is part of the “One Air Force, One Network” strategy that the Air Force plans to announce Friday. An Air Force representative confirmed many details of the announcement, including that it is expected to save the agency $100 million over six years.

“The consolidation will result in standard configurations for all Microsoft desktop and server software,” the Air Force said in the statement. “The standard configurations will enforce rigorous security profiles and will be updated online with security patches and software updates.”

Microsoft representatives confirmed that the company will work with the Air Force to define security configurations for the agency’s desktop and servers. The representatives also said the deal includes an agencywide help desk service contract.

The Air Force deal differs from that of other government agencies because it will involve more custom work around security, and because the Air Force has taken an agencywide approach to procuring software and services, said Curt Kolcun, the general manager of Microsoft’s federal business.

“By working together in this way, we can get a better understanding of what we need to do to our technology and how it will be applicable for commercial products, as well as other agencies,” he said.

http://news.zdnet.com/Air+Force+turns+to+Microsoft+for+network+security/2100-1009_22-5457344.html?part=rss&tag=feed&subj=zdnn

http://www.itu.int/osg/spu/newslog/2004/11/22.html#a761

George Stathakopoulos, director of Microsoft product security, told ZDNet UK sister site ZDNet Australia on Wednesday that his long term goal is to create an operating system that will never need patching. But he concedes that because software is so complex this is a virtual impossibility.

However, Stathakopoulos said that as Microsoft continues to rid Windows of bugs and improves its overall resilience, the company is hoping to extend the time between patches from the current monthly update to as much as six months between updates. He believes SP2 is a step in the right direction because it brings greater resiliency to the Windows OS, which would mean an MSBlast-type attack on an SP2 system would not cause as much chaos because administrators would have more time to react.

“Take the RPC vulnerability — that enabled the MSBlast worm. If you had a personal firewall, the vulnerability doesn’t exist. Even if you take down the firewall, XP SP2 now has memory protection that filters buffer overruns. We want to change the rules so even when a hacker can exploit a buffer overrun he can’t do anything material with it,” said Stathakopoulos.

Neil Campbell, national security manager at Internet security specialists Dimension Data, welcomes Microsoft’s efforts at increasing the time between patches. Microsoft is definitely working towards reducing the number of times companies have to patch,” said Campbell. “If an application tries to write to a part of memory that it shouldn’t have access to, it will get stopped through a combination of software and hardware.

http://news.zdnet.co.uk/software/windows/0,39020396,39174244,00.htm

The Lindon, Utah-based Vintela has been cranking out software over the past few months to extend Windows-based authentication, management, and monitoring capabilities to UNIX, Linux, and Macintosh operating systems. Privately held Vintela plans to seek another round of funding early next year with an eye toward expanding research and development, sales, and support services.

The irony is that Vintela’s product set grew out of intellectual property the founders acquired from Caldera, which sued Microsoft for antitrust violations related to the desktop operating system DR-DOS.

Vintela over the past month has introduced four integration products that tie Microsoft features to the Linux, UNIX, and Macintosh platforms. Using MOM, IT administrators can manage those platform resources from the existing MOM administrator, operator, and Web consoles as well as the MOM reporting mechanism.

In September, the company introduced Vintela Group Policy, which extends the group policy features of Active Directory to UNIX and Linux desktops and servers.

http://www.pcworld.com/news/article/0,aid,118612,00.asp

Gartner’s Neil MacDonald and Rich Mogull said that Oracle has declined to provide more detailed information about the vulnerabilities that spawned a patch first released in August, then re-released in October.

Although keeping mum is Oracle’s standard policy, the analysts took the company to task for not spelling out the consequences of not applying the patch, and more important, whether the vulnerabilities affect older, non-supported versions of Oracle’s Database Server, Application Server, and Enterprise Manager.

“At worst, [this means] records in every Oracle database you own could be vulnerable,” the pair wrote in an online alert posted to the Gartner Web site. It may be smart to not provide hackers information that could be used to craft exploits, but that “differs from offering information about the implications of not protecting yourself against that exploit,” the guys from Gartner wrote.

“System administrators don’t have enough information to decide which servers to prioritize or which data is most vulnerable.”

And if Oracle offered more detail about the vulnerability, customers might be able to set up defenses, such as deep-packet inspection firewalls, intrusion prevention systems, and application firewalls to protect themselves against attacks, they added.

MacDonald and Mogull recommended that enterprises using the Oracle products apply the patches to supported versions. If older editions are in use, such as 7.x or 8.0x, they advised companies to either upgrade immediately or switch to a rival database. They also urged Oracle customers to put pressure on the Redwood Shores, Calif.-based database giant.

“Ask Oracle to follow Microsoft and other leaders that disclose the details of their vulnerabilities and provide security patches freely to anyone on any supported version of their products,” they recommended.

http://www.techweb.com/wire/security/52601314

The company said the protection extends to current and older versions of its software, including its Windows operating system, Office desktop software and SQL Server database. The company already offers unlimited protection to its volume license customers but is adding the indemnity for customers who buy its key products in other ways, such as from a computer maker or even off a retail shelf. “When we looked at things, there was no reason not to provide that coverage to all those folks as well,” said David Kaefer, director of intellectual-property licensing for Microsoft.

The protection covers four main types of claims: patent, copyright, trade secret and trademark. The protection extends to nearly all of Microsoft’s products, with the main exception being embedded versions of Windows, largely because customers are able to modify the code.

Of course, it’s not just altruism that motivates the software maker. The company plans to make indemnity a new plank in its “Get the Facts” campaign, which touts the advantages of Windows over Linux. Chief Executive Steve Ballmer talked about indemnity as a key differentiator during Tuesday’s shareholder meeting. “We enhance the intellectual-property indemnifications we give our customers,” Ballmer said at the meeting. “We can stand behind our products in a way that open source can’t because they have no one standing behind them.”

Kaefer said the argument is resonating with some customers who are concerned about liability. “More and more customers are realizing you don’t get what you don’t pay for,” he said.

Hewlett-Packard and Novell have offered liability protection to some Linux customers, but both Microsoft and analysts note that most of the protections from the Linux vendors are more limited.

Last year, Microsoft lifted a cap for its volume-licensing customers that had limited the dollar amount of protection Microsoft offered its customers against intellectual-property claims resulting from their use of Microsoft software.

Microsoft has been beefing up its own intellectual-property portfolio, a move that Kaefer said does make it easier for Microsoft to offer such protections. “The reason we are able to do this at all is because we have done some of the things that you have to do earlier in the process,” he said.

As part of the announcement, Microsoft highlighted two customers–Regal entertainment and ADC Telecommunications–that said that indemnity was key to their choice of Windows over Linux. “We simply aren’t interested in having to worry about potential legal risks of deploying Linux in this environment,” ADC Telecommunications manager Jamey Anderson said in a statement.

http://news.com.com/Microsoft+to+back+customers+in+infringement+cases/2100-1014_3-5445868.html?part=rss&tag=5445868&subj=news.1014.5