Often criticised for distributing products with security flaws, Microsoft is now making an all-out effort to help ensure Internet security for its customers. Microsoft introduced its Strategic Technology Protection Program in October to address what VP Brian Valentine calls a "crisis of confidence in the Internet as the collaboration medium for the coming years." In this article, I'll give an overview of the program and examine a new toolkit it offers as a fix for certain security concerns.
The Strategic Technology Protection Program
Because Microsoft's investment in the Internet is so great (in fact, Bill has bet the company's future on it), the company has decided it must get proactive in making the Internet safe for its customers. With the Strategic Technology
Protection Program (STPP), Microsoft is promising a whole new strategy for
combating security risks with its products.
Instead of just doling out security patches when the latest virus hits, Microsoft is ramping up its efforts to keep customers secure at all times. The STPP uses a two-pronged approach to
help customers first "get secure"--that is, recover from existing viruses or security problems--and then "stay secure" from future attacks. The Microsoft Security Tool Kit plays a leading role in this program--a role we'll describe in detail in this article. (You can access
the toolkit at no cost via the Microsoft Web site, or you can order a CD. TechNet subscribers received the kit in their November release, sans the automatic installation feature. A stand-alone version will be distributed with the December TechNet CD.)
In addition to distributing the security toolkit, the STPP also has Microsoft making calls to its enterprise customers to address security concerns and providing universal, no-cost security-related product support and online resources to all its customers.
To simplify administrators' security tasks, the company will distribute a bimonthly cumulative patch for Windows 2000. An enterprise security tool for Windows 2000 servers, available in December, will alert administrators of configuration problems that could compromise security. A second tool will simplify the process of deploying security patches networkwide.
The Windows 2000 Service Pack 3, due out in February, will introduce an auto-update client that allows Microsoft to install security patches directly onto machines with no help from the administrator. And a final tweak in mid-2002 will give system administrators more control over the Windows Update technology.
That's the scope of the Strategic Technology Protection Program. Now let's take a closer look at the meat and potatoes of the program--the Microsoft Security Tool Kit.
A look inside the online Microsoft Security Tool Kit
The kit is broken down by operating system (either Windows 2000 or NT, with a further classification for Terminal Server Edition). It contains four main sections: Guides, Software Updates, Deployment and Management Tools, and Online Resources.
Guides
You can use the Guides section to ensure your systems have all the latest security updates. At the top of the list are the Guide To Baseline Security and Baseline Security Checklists (see Figure A). The checklists are advertised as a front line of defense for your systems that are vulnerable to security risks. The steps included in the checklists provide basic security procedures you'll want to have in place before moving on with the rest of the kit.
Figure A
These checklists go over some of the steps you should
take to secure your systems.
Though not as comprehensive as the baseline checklists, the remaining guides--Windows 2000 Service Pack and Hotfix Installation and Deployment Guide, Deploying Service Pack 6a with SMS, and the Internet Explorer Deployment Guide--should appear familiar to you from working with previous upgrades.
Software updates
Perhaps the most important part of the kit is the Software Updates section. Here, you'll find everything from Windows 2000 Service Pack 2 to the latest version of Internet Explorer. The complete list includes the following items:
- Windows 2000 Service Pack 2
- Internet Information Server 4.0 Security Rollup Package
- Internet Information Server 5.0 Security Rollup Package
- Windows NT 4.0 Service Pack 6a
- Windows NT 4.0 Security Rollup Package
- Windows NT 4.0 Service Pack 6 For Terminal Server Edition
- Internet Explorer 5.01 Service Pack 2
- Internet Explorer 5.5 Service Pack 2
- Internet Explorer 6.0
- Security Bulletin MS01-008
- Security Bulletin MS00-095
- Security Bulletin MS00-070
- Security Bulletin MS00-052
In the Microsoft Security Tool Kit, the Windows 2000 and NT updates come with a brief description as well as a link for more details. The Internet Explorer updates come with a download link. Each Security Bulletin contains a Technical Details link that will take you to the appropriate patch download page. Though you can get these updates separately on Microsoft's Web site, the company made a wise decision by combining these selections, given the significant impact each update makes to a system.
Deployment and management tools
The tools included here are useful for both server and client,
but I'll elaborate on the three significant tools that will be good for the client side. The first, HFNetChk,
assesses the patch status of Windows clients from a remote location.
Hfnetchk.exe will scan the patch status for the following Microsoft
products:
- Windows NT 4.0
- Windows 2000
- All system services, including Internet Information Server 4.0 and 5.0
- SQL Server 7.0 and 2000 (including Microsoft Data Engine)
- Internet Explorer 5.01 and later
The next handy client tool is the Critical Update Notification tool, which periodically checks for updates on the Windows Update Web site and sends a notification to the client machine. This link provides instructions on activating this product, which is already installed with Windows 98, 98SE, and 2000.
Finally, Qchain allows you to chain multiple hotfixes together to eliminate rebooting for each installation. This tool keeps user downtime to a minimum when multiple hotfixes are necessary.
Online resources
The Online
Resources section is a catchall for security issues not directly addressed by
the toolkit. It lists links to popular Microsoft technical support sites you can
use to protect your systems:
- Microsoft TechNet Security Web site
- Sign up to receive security bulletins
- Security Bulletin Search site
- Microsoft Personal Security Advisor
- Other Security Tools and Checklists
Conclusion
Today's computing environment is fraught with security concerns. New, more dangerous code is finding its way onto the Internet with alarming regularity. With so much at stake, it's no wonder Microsoft is taking a more active role in securing the Internet.
TechRepublic is the online community and information resource for all IT professionals, from support staff to executives. We offer in-depth technical articles written for IT professionals by IT professionals. In addition to articles on everything from Windows to e-mail to fire walls, we offer IT industry analysis, downloads, management tips, discussion forums, and e-newsletters.
©2001 TechRepublic, Inc.
You want microsoft automatically putting updates onto your computers? I think not.