Microsoft would like extend its Windows patch cycle from once a month to once every six months, but only after the company is confident its customers will remain safe between the updates.<\/p>\n","protected":false},"excerpt":{"rendered":"
George Stathakopoulos, director of Microsoft product security, told ZDNet UK sister site ZDNet Australia on Wednesday that his long term goal is to create an operating system that will never need patching. But he concedes that because software is so complex this is a virtual impossibility.<\/p>\n
However, Stathakopoulos said that as Microsoft continues to rid Windows of bugs and improves its overall resilience, the company is hoping to extend the time between patches from the current monthly update to as much as six months between updates. He believes SP2 is a step in the right direction because it brings greater resiliency to the Windows OS, which would mean an MSBlast-type attack on an SP2 system would not cause as much chaos because administrators would have more time to react.<\/p>\n
“Take the RPC vulnerability — that enabled the MSBlast worm. If you had a personal firewall, the vulnerability doesn’t exist. Even if you take down the firewall, XP SP2 now has memory protection that filters buffer overruns. We want to change the rules so even when a hacker can exploit a buffer overrun he can’t do anything material with it,” said Stathakopoulos.<\/p>\n
Neil Campbell, national security manager at Internet security specialists Dimension Data, welcomes Microsoft’s efforts at increasing the time between patches. Microsoft is definitely working towards reducing the number of times companies have to patch,” said Campbell. “If an application tries to write to a part of memory that it shouldn’t have access to, it will get stopped through a combination of software and hardware.<\/p>\n
http:\/\/news.zdnet.co.uk\/software\/windows\/0,39020396,39174244,00.htm<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-587","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/587","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=587"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/587\/revisions"}],"predecessor-version":[{"id":3074,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/587\/revisions\/3074"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=587"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=587"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=587"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}