One of the major reasons for Microsoft's recent inability to ship major new products is its Trustworthy Computing push, in which the software maker briefly halted all active software development and worked to integrate more secure controls into its products. Trustworthy Computing is now a fact of life for Microsoft, and its offerings are now more secure than ever thanks to the initiative. But as one of the world's largest makers of software, Microsoft is increasingly involved in creating its own security solutions for customers as well. This week, I discuss a few of its more interesting client-based security solutions, each of which saw major upgrades in recent days.
Windows Defender Microsoft's antispyware solution, Windows Defender, comes with impeccable credentials: The software was part of Microsoft's purchase of GIANT Company Software in December 2004, and I was a big fan of that solution, GIANT Antispyware. After an incredibly long gestation, Microsoft last week finally shipped its first nonbeta version of the GIANT Antispyware-based Windows Defender, for virtually all Windows XP and Windows Server 2003 variants, including x64 versions. Windows Defender is antispyware done right: The software sits in your system and silently does its work, interrupting you only when something truly bad happens. This is a level of user interaction that other security solutions would do well to emulate.
Windows Defender, which will be included with Vista, also includes a handy interface for examining and disabling applications and services that automatically start when your PC boots up. This is just icing on the cake, really, but for unmanaged PC environments, such as small office/home office (SOHO) environments, where IT help is expensive or even impossible to come by, it's useful functionality. But Windows Defender is useful in more than these smaller environments. Because multiple antispyware solutions can be used successfully in tandem, it's kind of a no-brainer for organizations of any size. The product is free and well-reviewed, and it integrates nicely into Windows. Highly recommended.
Windows Live OneCare 1.5 Beta To me, Windows Live OneCare is like a virtual IT support staff: The managed service, which is aimed at individuals and small services, turns the notion of a security software suite on its head by providing an inexpensive set of services that you can apply to multiple PCs. With OneCare, users get first-rate antispyware, antivirus, and two-way firewall functionality, as well as a surprisingly nice and fully automated backup and restore utility.
With the release of the OneCare 1.5 beta earlier this month, Microsoft dramatically improved the product and made it available to more customers. OneCare 1.5 adds a more unified antispyware and antivirus experience, an enhanced backup utility, and Vista compatibility. It's also available in 17 international markets for the first time. I'm a big fan of OneCare, and the new version, even while in beta, looks like a winner as well.
The best news might be the price. OneCare currently retails for about $30, and includes support for up to three PCs. But you can often find the product for less than $20, and Microsoft isn't currently doing anything to limit the number of PCs you can support. Try finding an IT staff that inexpensively.
Internet Explorer 7.0 I could have made a career out of criticizing Internet Explorer (IE) 6.0 for its multitude of security vulnerabilities. (Well, assuming someone would pay me for that service.) But let's give credit where credit is due: IE 7.0, released recently for Windows XP running Service Pack 2 (SP2) and Windows 2003 (with SP1), is a major step toward respectability for the browser. It features numerous functional enhancements, yes, but from a security standpoint, upgrading to this version of the browser is a no-brainer. We discussed its security features before, so I won't run through the full list here. Suffice it to say that no browser will ever be fully secure, but IE 7.0 is dramatically better than IE 6.0. Unless you experience unexpected intranet compatibility problems, you should update sooner rather than later. Any pain you experience in doing so will be more than offset by the peace of mind you'll feel from removing IE 6 from your environment once and for all.