[D.T. note: I'll be leaving today for the Black Hat and Defcon conferences in Las Vegas. Be sure to check for a variety of security stories during the week.]
Microsoft is launching two initiatives today at the Black Hat security conference, both aimed at improving its reputation among security researchers.
The first is a tool called the Exploitability Index for consumers to discern security risks. The tool tells consumers about each of the security updates they should download for Microsoft software and which ones pose the highest danger in terms of cyber threats.
The index tells consumers which updates should be installed first and in what order. It also says whether malware code is likely to be created based on particular security bugs mentioned in the updates. It goes without saying that there will be threats, since Microsoft is the main target of hackers and it has to launch security updates at least once a month. It will be available this October as part of the Microsoft Security Bulletin Summary.
The second program is the Microsoft Active Protections Program (MAPP). Under this program, security developers who qualify can get early access to information that will appear in Microsoft’s monthly security reports. This way, the security developers are more likely to have a patch ready for any exploits that are described in the security reports. Those eligible for the early warnings are any developers who make software that protects large numbers of Microsoft customers. Security providers can apply by sending requests for more information to email@example.com.
Mike Reavey, group manager of the Microsoft Security Response Center, said that both initiatives are part of the company’s six-year-old “trustworthy computing” initiative. Going into the show, Microsoft is at least looking better than Apple, which has had a problem patching the recent DNS flaw discovered by security researcher Dan Kaminsky. Apple also canned a talk from a researcher who was preparing to talk about Mac security.
Reavey noted that there are 60 percent fewer infections cleaned off machines with Windows Vista, compared with those with Windows XP Service Pack 2. But he added, “Customer pain is still there. The attacks are evolving. We see more attacks with social engineering (such as tricking people out of their passwords) and more targeting of business and personal information coming online.”
In the second half of 2007, there was a 300 percent increase in the types of attacks from Trojan software downloaders and other kinds of malware. Microsoft’s operating systems are the subject of a couple of talks at Black Hat. Microsoft itself will have its own spin on the event through its Black Hat press room.
[Photo: djwanson on Flickr]