Deep in the midst of an effort to beef up the security of its software, Microsoft Corp. in April made available a free tool designed to search out security vulnerabilities hiding in Windows-based computers. Called the Microsoft Baseline Security Analyzer (MBSA), the tool is intended to provide users with an easy way to check their systems for common problems that arise when computers are configured incorrectly or when users fail to install suggested security patches, Microsoft said. After scanning a system with the tool, users receive a security report card that lists all the holes and vulnerabilities found during the scan. The MBSA does not actually download and install fixes but provides instructions how to do so. It can be installed on Windows 2000 desktop and server operating systems as well as the Home and Professional Editions of Windows XP, Microsoft said. Users must also have version 5.1 or higher of Internet Explorer. The MBSA can also be used to scan for security holes on the following software: Windows NT 4.0, Windows 2000, Windows XP, Internet Information Server 4.0 and 5.0, SQL Server 7.0 and 2000, Internet Explorer 5.01 and later, and Office 2000 and XP. Developed with the help of Shavlik Technologies in St. Paul, Ma., Microsoft first detailed the tool at the RSA Security Conference in February. The tool, which is 2.5MB in size, can be downloaded from Microsoft’s developer Web site at http://www.microsoft.com/technet/security/tools/Tools/mbsahome.asp
— Matt Berger, IDG News Service
Vancouver firm markets transparent encrypting product
Vancouver-based Absolute Software has expanded its managed services for computer security and tracking with an agreement with PC Dynamics Inc. to license the components of its SafeHouse encryption product. Absolute claims that leveraging their Computrace technology platform and the virtual disk components of PC Dynamics’ encryption technology will enable them to provide corporations with a seamless data encryption service for their end users. The new service is expected to be available in the fourth calendar quarter of 2002. Absolute Software claims more than 1,500 customers among Fortune 1000 companies, government agencies, small and medium businesses, and educational institutions who use their services to track and manage remote, mobile and desktop PCs. PC Dynamics Inc. in Westlake Village, Calif., says its SafeHouse provides automatic and transparent “on-the-fly” encryption for notebooks or desktop PCs. SafeHouse enables users to allocate portions of their existing hard drives to be reserved for encrypted data. The encrypted volumes require password authentication before the files become accessible.
Proposed Web services standards address security
Microsoft Corp., IBM Corp. and VeriSign Inc. in April announced a joint effort to craft new standards for addressing security concerns that many corporate users have raised about Web services. Web services aim to help companies link their applications to the often disparate systems of their partners and customers through XML-based messages sent via the Simple Object Access Protocol (SOAP). But few companies have been rushing to build Web services, and one of their oft-cited concerns has been the lack of a solid security model. Officials from Microsoft, IBM and Mountain View, Calif.-based VeriSign said they hope the new specification they have co-authored, called WS-Security, will serve as a starting point for tackling the problem. WS-Security, in part, calls for support of World Wide Web Consortium standards for XML message encryption and digital signatures. The specification also serves as the foundation for a broader road map of additional security standards that the vendors plan to work on with other industry participants. John Meyer, an analyst at Cambridge, Mass.-based Giga Information Group Inc., said the move represents a logical step for Microsoft, IBM and VeriSign. But he noted that some security issues the group may address potentially could put them in conflict with security efforts from rival vendors, such as Sun Microsystems Inc. Steven VanRoekel, director of Web services marketing at Microsoft, said he expects those additional specifications will be completed within 12 to 18 months. IBM’s Sutor asserted that the group will be “inclusive,” and he said he welcomes the input of other industry players. — Carol Sliwa, Computerworld (U.S. online)