On security, Microsoft reports progress and alarm

Microsoft plans to issue a report Nov. 3 with some mixed news on computer security, reports the New York Times: The security of its Windows operating system has significantly improved, while at the same time the threat of computer viruses, frauds, and other online scourges has become much more serious. The company blames organized crime, naive users, and its competitors for the deteriorating situation. In the latest edition of its twice-a-year "Security Intelligence Report," Microsoft said the amount of malicious or potentially harmful software removed from Windows computers grew by 43 percent during the first half of 2008. The company said improvements in security for its Windows Vista operating system and security updates to the previous Windows XP system had made such software a less attractive target for attackers. Instead, they have shifted their attention to security holes in individual programs, Microsoft reports. During the first half of the year, 90 percent of newly reported vulnerabilities involved applications, and only 10 percent affected operating systems, according to the report. Microsoft executives said they were pleased with the progress made since the company was shaken by a series of destructive programs that spread rapidly around the world over the internet beginning in 2003. But they said that unless software development practices change throughout the industry, any improvements in the security of Windows would be meaningless. "This story is real," said George Stathakopoulos, general manager for Microsoft’s Security Engineering and Communications group, referring to the improvement in the company’s engineering practices. "Now we have a third-party problem and it’s something we have to go solve."

Click here for the full story