Ben English told ZDNet Australia the planned security 'engagements' involving Microsoft consultants and partners had only actually been taken up by 15 enterprise customers after Microsoft managers had initially flagged 40 as being highly "at risk".
The remainder had opted to review and update their security procedures internally after initially asking the software heavyweight to help them do so.
The companies' initial concern was sparked by the volume of high-profile virus activity around at the time the program was launched a year ago. The MSBlast worm in particular, which infected millions of home personal computers, generated a lot of fear within the corporate community. However, English said, several companies who initially contacted the vendor may have found that risk factors other than deficient patch management processes were to blame for their real or perceived vulnerability.
English said while the program was "ongoing to some extent" -- with a couple of engagements still in the pipeline -- interest was waning. He said this was happening for two reasons: firstly, a lot of organisations had "a more mature security posture" than a year ago and secondly, Microsoft had improved its job of educating the enterprise user community.
Microsoft set up the program last year to help its 700-strong enterprise customers -- those with 500 personal computers or more -- upgrade their patch management and general tech security profiles. Where there was direct involvement by Microsoft's consulting services arm or one of its partners, such as Dimension Data, the software heavyweight was picking up at least part of the tab.
The program was, English said, the top end of a tiered program to help enterprise companies mitigate their risk.
The security lead also touted the improvements made by Microsoft in terms of its security-related processes and technologies, including the delivery of patches on a "monthly and predictable" cycle, clearer indications as to just how critical a patch is, a new Update feature that will allow the download of updates for applications as well as the Windows operating system and the auto-update feature of Service Pack 2.
English -- fresh from the latest round of security summits conducted around the country by Microsoft -- said the company was now focussing on fighting social engineering threats such as phishing scams and other spam e-mails. Spyware had also emerged as a huge threat, he said, quoting research that claimed 70 percent of personal computers were infected.
From a Microsoft perspective, he said, one third of all support calls for Windows XP related to problems with spyware -- software installed on computers without their owners' knowledge that typically keeps track of Web surfing habits or generates pop-up ads.
Initiatives from the software heavyweight to fight phishing scams include the addition of anti-phishing technologies to the beta of the new Internet Explorer (IE) 7 browser for XP.
In January this year, the company introduced the beta version of its Windows AntiSpyware application, designed to protect PCs from spyware.
However, English denied that the problems with identity theft were such that they could undermine public confidence in online initiatives such as Internet banking.
"If people practise safe browsing then the threats are manageable," he said. A higher incidence of this would be achieved by educating people about the principles involved and convincing them to upgrade to the latest software and install the newest firewalls available.
English said the next round of security summits may be conducted in July. The company attracted 6,100 people nationwide to the round just completed.











