Microsoft preaches security

The irony is ironic: On the same day that I learned about a new Microsoft marketing initiative to sell its customers client, server and network security software, the company released yet another slew of patches to plug up flaws in its products, including Windows Vista.

The new marketing initiative is called “Fast, Faster,” and is designed to push Microsoft’s Forefront security products — products, that is, the customers need to protect themselves against flaws in Microsoft’s operating systems and applications. According to Microsoft’s press release,

“The campaign uses humorous metaphors to illustrate how defending against security threats with Forefront is easier than defending against virtually anything else — including far-fetched threats from aliens, ninjas and zombies.

“The goal of this campaign, created by McCann Worldgroup San Francisco, is to emphasize Microsoft’s competitive differentiation in making security products easier to deploy, implement and manage.

“The Easy, Easier campaign will be appearing in IT print and online media in the U.S. and 28 markets worldwide as well as throughout Microsoft’s digital properties. More information on Microsoft Forefront, the Easy, Easier campaign and related customer stories can be found at http://www.easyeasier.com/.”

The Forefront products officially launch on May 2, at an event in Los Angeles.

What would be truly easy, easier for Microsoft’s customers would be to have more secure operating systems and applications.

• Yesterday was also Patch Tuesday, the monthly event that systems administrators dread. Just think about that: Every month, Microsoft’s customers know to expect a whole bunch of bug fixes. (Every Microsoft customer should sign up to receive advance notification of these patches.) The April 10 patches included five new fixes, four of which Microsoft itself said were critical.

• Microsoft did depart from that monthly schedule to ship an emergency update on April 3. Patch MS07-017 works to resolve a vulnerability in animated cursor handling in .ani files. For those who didn’t catch it early, Microsoft rolled this one into the April 10 patch group.

• Also according to eWeek, Microsoft is investigating public reports of new security flaws in Office. “Reports of several new security holes in Microsoft Office have been made public on known exploit sites. The company did not release specific information about the vulnerabilities, citing potential risk to users,” eWeek reporter Brian Prince writes.

That’s not to say that all the flawed software comes out of Microsoft. Even companies like IBM, Rad Hat and Apple issue regular security bulletins and patches, and have security advisory mailing lists. However, there is the hypocrisy that Microsoft charges customers for Forefront, which is software that exists mainly to help customers overcome flaws in Microsoft’s other products. If Microsoft truly wanted to make security easy, easier, it would create less buggy and less flawed products.

Z Trek Copyright (c) Alan Zeichick