XP update no security 'silver bullet': Microsoft AU

Microsoft Australia security lead Ben English told ZDNet Australia   that while XP SP2 was "a very worthwhile release" that eliminated a number of serious attack vectors, companies also had to deal with security from a process and education perspective.

He also revealed the company was planning its third round of security summits for 2004, most likely to be run in Australian capital cities during November, with the plan being to expand their scope to include increased input from partners such as professional services firms.

English said the emphasis would be on providing a more 'holistic' view of security issues to information technology professionals than the previous summits run this year, with less of a direct focus on Microsoft products. "i="" want="" my="" customer="" base="" to="" be="" more="" secure="" than="" they="" are="" now="" as="" a="" result="" of="" attending="" these="" summits,"="" he="" said.="" =""> English said the company wanted to reinforce that there were issues beyond technology people needed to think about when managing security. He cited physical requirements such as a strong password to prevent strangers gaining easy access to information held on a computer, the drafting, adoption of and adherence to processes to minimise risk and education of company employees on good security practices.

Microsoft Consulting Services has recently completed around 15 engagements at high-end enterprise customers -- spanning a range of industries, including retail, finance, government and energy -- to audit and provide services to minimise their security risk.

The most common pain point for those customers, English said, was patch management, with consequent service engagements generally involving a proposal for a patch management solution. "Customers have benefited most from us addressing that first," he said. =""> So-called 'service engagements' with at-risk enterprise clients, English said, were designed to give customers the ability to deploy patches consistently and rapidly, as well as address areas such as 'locking down' Microsoft technologies and raising security awareness levels.

English also foreshadowed a big drive at the corporate and consumer level around the adoption of SP2, as well as promoting the resources Microsoft has to help its customer base boost security.

Microsoft on Friday released the security-oriented XP SP2 to manufacturing after a series of delays. The update is due to be released to around 100 million personal computers over the next two months, with customers who choose to download manually being able to do so by the end of August. The company also plans to create 25 localised versions over coming months.

XP SP2 includes a new security centre designed to provide a beefed-up firewall, as wall as easy ways to tell whether a personal computer is updated and protected against viruses. It also adds a pop-up blocker in Internet Explorer and updated support for Wi-Fi and Bluetooth wireless technologies.

Ina Fried contributed to this report