Microsoft Moves To Lock Down Developer Tools
Microsoft said the design of the .Net Framework, also known as Whidbey, will be the security role model for developer products.
03/01/04 3:23 PM PT
Reinforcing its efforts to bolster software security, Microsoft is planning to release updates to its Visual Studio .Net developer tools and .Net development environment. The news comes on the heels of the company's announcement that it will release a large, security-oriented service pack for its Windows XP operating system.
The company indicated it is hoping to ship the developer service pack along with the XP update, expected about midyear. In recent months, Microsoft has faced an increasing number and severity of security holes and has been criticized for placing too little priority on security in its previously developed software.
However, iDefense director of malicious code Ken Dunham told TechNewsWorld that although Microsoft is making progress toward its security goals, the job of locking down its software is a massive one. After all, Microsoft must secure not only the millions of lines of code in its own operating system, but also programs from other vendors that integrate with Windows.
"Even if they promote and implement [plans], it's not going to be a magic bullet," Dunham said. "It's not going to solve the problems of tomorrow. The problems of tomorrow are going to be complicated."
Baking Security In
Calling Windows XP Service Pack 2 more than a normal roll-up of bug fixes, Microsoft said the update will include significant security upgrades, such as a firewall enabled by default. Some industry analysts went so far as to describe the update as a different operating system.
The company said developers working in the Visual Studio environment will be affected by the new security functionality available with the updates, adding that the design of the .Net Framework, also known as Whidbey, will be the security role model for developer products.
"With the number of incidents on the rise, Microsoft has decided to make a proactive effort to dramatically improve the security of the Windows XP and Windows Server 2003 operating system families," the company said on its developer site. "To this end, Windows XP Service Pack 2 provides a number of new and enhanced features aimed at improving security of the operating system and applications."
Waiting for Security Weight
Gartner research vice president Richard Stiennon said the recent spate of security vulnerabilities, worms and other attacks aimed at Microsoft products is a result of the company's lack of security focus in the past.
"This is the price they pay for making protocols willy nilly just to get the job done," Stiennon told TechNewsWorld.
Referring to complaints that Microsoft's patches, XP service packs and developer tools are taking too long to hit the market, Stiennon said the risk of attack grows astronomically with time.
For his part, Dunham said that in its security push, Microsoft must pull off a tough balancing act between security and usability.
Rough March Ahead
In the short term, of course, Microsoft's software will remain unaltered. And Dunham noted that while the number of people relying on and using e-mail and other technology tools has increased, security awareness has not.
Referring to the high number of new computer worms, variants and other malware spreading and slowing Internet traffic -- including six Bagle variants and two Netsky variants making the rounds Monday -- he predicted cloudy skies for computing this month.
"March is coming in like a lion and will probably go out like a pride," Dunham said. "It's just a continued deluge of worms and attacks that are so easy, so trivial and, unfortunately, so successful in the wild."