Category: Product

According to a posting on Microsoft’s Web site, the Update Rollup for Windows 2000 Service Pack 4 (SP4) will include all the security-related updates produced for the operating system between SP4’s release in November, 2003, and when the Redmond, Wash.-based developer finalizes the rollup’s contents.

It will also contain “a small number of important non-security updates,” said Microsoft.

It’s taking the rollup route–which it also used in October 2003 when it released a cumulative collection of security fixes for Windows XP–rather than a service pack, said Microsoft, because the number of not-seen-before updates are few, and Microsoft expects to have released most of them as individual updates prior to the rollup’s release.

Microsoft will end support for free security fixes to Windows 2000 in June, 2005.

http://www.newsisfree.com/iclick/i,62767654,1920,f/

The company said Thursday that it will release security bulletins and accompanying patches for its products on Jan. 18, April 12, July 12 and Oct. 18. The bulletins will address security vulnerabilities for products such as Application Server, E-Business Suite and Enterprise Manager and will be issued through the company’s support Web site.

“Organizations prefer regular, planned schedules for patching their information technology systems,” Mary Ann Davidson, chief security officer of Oracle, said in a statement. “The quarterly schedule strikes a balance between issuing patches often enough to protect customers from serious vulnerabilities while making it easier for customers to manage the maintenance process.”

The schedule is also designed to avoid common blackout dates; many organizations are not allowed to update systems at the end of the quarter when they are closing their books.

Oracle also said the updates could help cut the cost of applying patches by delivering a single patch for fixing multiple vulnerabilities. The move reflects an industry trend of software companies releasing fixes to tackle security vulnerabilities in their products on appointed dates.

http://news.zdnet.com/2100-1009_22-5458541.html?part=rss&tag=feed&subj=zdnet

The company’s “chief trustworthy computing strategist”, Scott Charney told delegates at Microsoft’s IT Forum (ran week of 15th November 2004) that the company had to improve its communication to the industry.

In addition to working on building more secure products by design, promoting security training and development and easing patch management, the company is partnering with hardware makers and security companies, Charney said. Charney portrayed security as his mandate, saying that when government initially ceded the Internet and computers to the public domain, it also gave away its role as protector.

http://www.techworld.com/security/news/index.cfm?NewsID=2628

During a keynote speech at the company’s IT Forum conference in Copenhagen, Denmark, Gates outlined Microsoft’s ambitious effort to trim the cost of managing corporate data centers, called the Dynamic Systems Initiative. Microsoft’s DSI is a multiyear plan to wring greater productivity out of systems operators, who oversee company networks.

Microsoft also announced systems management-related product updates, including the first public test release of an automatic Windows update service.

With better management tools, administrators can handle more tasks, such as updating server patches, more quickly. Improved systems administration has become a high priority for Microsoft’s business software division. Company executives point out that the majority of information technology budgets are dedicated to running existing systems, rather than creating new business applications.

Microsoft competes with IBM, Hewlett-Packard and other companies in the systems management software market.

The first products to come from Microsoft’s DSI will appear next year with the release of Visual Studio 2005, the company’s flagship programming tool. With it, developers are expected to begin to build applications that are less likely to crash or suffer from poor performance, Microsoft claims. During his speech, Gates discussed the longer-term vision for DSI as well as how Microsoft is seeking to improve its management tools, said David Hamilton, director of Microsoft’s Windows and enterprise management division.

Hamilton said that future Microsoft management products, namely Systems Management Server and Microsoft Operations Manager, will be designed to monitor performance of data center components by tracking Microsoft-defined “models.” The models will describe the health of an application, its configuration and the tasks it supposed to perform, he said. These models can be defined by programmers with a modeling tool that will be part of Visual Studio 2005 Team System, which is set to be available in the first half of next year.

For example, a developer can indicate that an e-mail application needs to run on four servers and have a certain amount of bandwidth to meet expected demand. “Models are a way of tracking the instrumentation of the application in real time,” Hamilton said. “Getting the models right is absolutely critical.”

Gates also discussed a new smart card, from a company called Axalto, that can be programmed using Microsoft’s development tools. The smart cards can then be used as a secure mechanism for logging onto corporate networks, in conjunction with Microsoft’s existing Active Directory and Identity Integration Server software.

By describing the company’s long-term plans for DSI, Microsoft hopes to get developers and systems operators familiar with the company’s future products and recruit third-party companies to build add-ons to Microsoft’s systems management software, Hamilton said.

Also at IT Forum, Microsoft said that it has started a wide-scale beta testing program for its Windows Update Service for sending out Windows patches, and that its Microsoft Operations Manager 2005 product and Virtual Server 2005 software are generally available worldwide. The company also released enhancements to SMS 2003 for easing large-scale desktop deployments and for installing software on Windows handheld devices.

http://news.zdnet.com/2100-3513_22-5453730.html?tag=adnews

While the business-oriented products stand as updates from the anti-spyware applications marketed by PestPatrol before the CA buyout, the consumer package marks the first time the technology has been tailored specifically for home users by either company.

Sam Curry, vice president of eTrust security management at CA, said the company has identified more than 1,200 new strains of spyware over the last eight months–a sign of the growing threat of the nefarious software.

Spyware applications are typically installed without a user’s permission via Web browser exploits or e-mail programs, with the intent of surreptitiously tracking computer usage, stealing personal information or sending spam.

Among the primary changes CA said it made to the PestPatrol technology for business customers are improved reporting capabilities, faster spyware scanning tools and expanded customer support. The corporate version also provides security administration controls to manage protection for large numbers of desktops. In addition, executives said that CA has reworked the products’ licensing terms for companies.

The PestPatrol interface has been redesigned in the consumer package to make it easier to use by people who are not IT professionals, CA said. For instance, the Anti-Spyware r5 software, which will retail for $39, enables people to set up automated scanning schedules and receive reports on what has been fixed. That contrasts with a process where they would have to manually fix and test systems using a readout of what the software had found.

Curry said that consumers are finding that Spybot and other anti-spyware applications available for free download over the Internet can no longer tackle all varieties of spyware. He believes that customers will be willing to pay for tools that do a better job. “The most important thing for people to realize about spyware is that it doesn’t function like a virus, where you can find it and clean it off your computer fairly easily,” Curry said. “When you look at spyware, there could be hundreds more points of infection. It may not be as life or death to your computer as a virus, but there are certainly big implications about how personal a spyware attack can be.”

While many companies have identified spyware as a major concern, research shows that few are using technology specifically designed to combat the problem. In a nationwide survey of IT managers and executives released by Equation Research, 70 percent expressed growing concern over the issue, but fewer than 10 percent said they have installed anti-spyware software.

http://news.com.com/CA+gives+anti-spyware+a+consumer+face/2100-1029_3-5443428.html?part=rss&tag=5443428&subj=news.1029.5

WSM features a variety of wireless management functions to streamline the administration of 802.11x networks: automatic WLAN (define) discovery and mapping; automatic detection and disabling of unauthorized wireless connections; access point load balancing and automatic channel allocation; and WEP (define) key management.

To take advantage of this feature, network users need to install a WSM agent — which authenticates the user — on their laptop, PDA or other mobile device.

Sumit Deshpande, vice president of development in CA’s wireless solutions group, said enterprises have been for the most part good at securing their networks from wireless snoops or unauthorized users. “What we do is make it easier for enterprises to use those standard measures to protect their environment. ”

Deshpande said the next version of WSM will be available in the next six to nine months, with 802.11i — the Wi-Fi security standard slowly wending its way through the Institute of Electrical and Electronics Engineers (IEEE) process — support at the top of the list.

http://www.wi-fiplanet.com/news/article.php/3429691