Microsoft has pledged to improve security testing on its products by next year.
Speaking at the Information Systems Security Association conference in London on Thursday, Ed Gibson, chief security advisor for Microsoft UK, said the company's products are undergoing tougher testing than ever before but customers would not see the results until next year.
Gibson said: "The whole concept of trustworthy computing is taking a different approach. The lifecycle from origin to the product hitting the shelf is going through security testing like no other product that's gone out. But that's not where we're at yet.
"Microsoft is dealing with it. We're going through the lifecycle but we won't see the products through this until 2006."
Gibson, a former FBI agent recently appointed by the software giant, said there would always be a need for 'critical updates' — formally referred to as patches by Microsoft. "When a critical update is released, there are people out there intent on compromising every product. As soon as the update goes out there is something else to follow it. I ask you, will there ever be a time when we don't have to do updates?"
Microsoft currently issues patches on a monthly basis. From April to August this year, vulnerability monitoring firm Secunia has warned of 21 flaws in Windows XP Professional, 24 per cent of which are, according to Secunia, still unpatched by Microsoft.
Gibson said the 'exploit and update' cycle is not unique to Microsoft.
"It's for every product and an industry issue," he said. "[Exploits] are written by organised crime for extorting money. I don't know how you deal with that in an open source world. Worms and viruses don't start by themselves and we know there have to be more viruses for spammers to operate."
In order to post a comment you need to be registered and logged in
Log in or create your ZDNet UK account below
By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Membership FAQ
You are quite right. HDS has not been marketing their products well. USPV is miles ahead in terms of ease of use and technology on enterprise...
3 hours ago by sgardia on Will the SUN set on Hitachi Data Systems OEM relationship?
Fedora is the same way as well. The yum update system uses "presto" which shrinks the amount of data needed for download. It's a great system....
14 hours ago by apexwm on Can you believe it - 2765 kB will be freed?
Updated ID cards considered for 2012: [zdnet.co.uk] The government is considering introducing a new generation of ID... http://dlvr.it/KpBZ
15 hours ago on Twitter by cybfor Google, Viacom trade blows in YouTube copyright spat: [zdnet.co.uk] Google and the US media giant Viacom have issued... http://dlvr.it/Knht
16 hours ago on Twitter by cybfor Be sure to include an audio option - eg. a beep tone - to intensify and reiterate the action. This will greatly benefit some consumers and give...
16 hours ago by CIMITL Data disposal is really important to get right. There are standards set by UK and US federal governments to ensure that data is kept secure. If...
17 hours ago by DataSecurityUK Online Fiber Optic Certification Join a talented group of professionals, who are dedicated to Fiber Optic Networking technology. The online course...
18 hours ago by chaycon1 on BT launches 40Mbps fibre-based broadband Online Fiber Optic Certification Join a talented group of professionals, who are dedicated to Fiber Optic Networking technology. The online course...
18 hours ago by chaycon1 on Google to build gigabit broadband to the home
Hi Dava, I'm glad to hear from you, and glad that you see things from the other side. I think that is the most important point of the whole...
19 hours ago by J.A. Watson on Ubuntu 10.04 (Lucid Lynx) and the Latest Tempest
please please please please please please kill that spam bot.
19 hours ago by dava4444 on ZDNet UK: faster, smarter, still IT all the way it didn't post the link it's 'Ubuntu 10.04 Lucid Lynx Beta-1 First Look' on youtube :) Dava
22 hours ago by dava4444 on Ubuntu 10.04 (Lucid Lynx) and the Latest Tempest Hi James I disagree, Ubuntu needs a GUI update and this one IMO is quite good. your pics show a low res. here's a high res. on YouTube* The...
22 hours ago by dava4444 on Ubuntu 10.04 (Lucid Lynx) and the Latest Tempest Hi any news on the comment bot? knocking me back from my own blog is a bit cheeky lol *Mulder to Scully* "I think it has an agenda.." I know, I...
23 hours ago by dava4444 on ZDNet UK: faster, smarter, still IT all the way if you look at the Brentwood exchange on samknows it servers 21,000 residential propertiesm, Lowestoft serves 31,000! Come on BT sort yourselves...
24 hours ago by benny boy on BT fibre broadband coming to 69 more towns
[programming] H.264 - a sting in the tail http://reddit.com/bfu4q [zdnet.co.uk]
1 day ago on Twitter by pbreddit
H.264 - a sting in the tail [programming] 13 points, submitted by zigzag [zdnet.co.uk] http://reddit.com/bfu4q
1 day ago on Twitter by reddit Malware infects second Vodafone HTC phone: [zdnet.co.uk] A second Android-based HTC Magic from Vodafone has been... http://dlvr.it/KhKx
1 day ago on Twitter by cybfor
Chatter preview http://www.zdnet.co.uk/news/application-development/2010/03/17/salesforce-opens-up-chatter-developer-preview-40088348/
1 day ago on Twitter by miyabi81For multi-store outlets, including retail, banking, grocery, gas, hospitality, convenience stores and others, reducing (or avoiding) the cost of in-store system support and maintenance while maintaining compliance with PCI and other requirements has become a strategic challenge.
Speaker: Dr. Chenxi Wang, Principal Analyst, Security and Risk Management, Forrester Research, Inc. As Enterprises are increasingly connected to the Internet and as hard organizational boundaries are fast disappearing, security professionals are facing fresh challenges in Enterprise computing.
This tutorial is for new MindManager users and teaches you how to get started, by creating maps, reading maps and organizing your information.
Talkback
People. They promised that two years ago. All it got you is the promise that you'll have to undergo payed upgrades to get to the next level of security that Microsoft has to offer. Like before.
9 Sep 05 20:46 ReplyWasn't it the FBI that stated that: "crimes are invited"? Meaning, that the weakest guy within a group of ten is more likely to be attacked?
9 Sep 05 21:00 ReplyI just hope Microsoft doesnt compromise usability to increase security (Yes in the real world having a friendly fluffy interface with pretty icons is actually more important than security)
10 Sep 05 21:51 Reply