eFe
 
 
 
   NEWS
 
  Home
  WTO Special
  eFe
  Money & Banking
  Economy
  Corporate
  Investor
  News
  Editorials & Analysis
  Letters to the Editor
    GROUP SITES
 
  Expressindia
  The Indian Express
  Screen
  Latest News
  Kashmir Live
  Loksatta
  Express Computer
 COMMUNITY New!
 
  Message Board
 SUBSCRIPTIONS
 
  Free Newsletter
  Express North
American Edition
  FE ARCHIVE New!
    Search by Date
 

 

  
   CONVERGENCE
Wednesday, November 28, 2001 
 

Microsoft touts tightened security of Web services

Elinor Mills Abreu in San Francisco
Microsoft Corp.’s new Web services software will allow developers to create secure applications more easily and screen out the kind of unauthorized commands that are commonly used by malicious hackers, according to a review commissioned by the company.

The release of the security review extends a marketing and technology offensive by Microsoft as the software giant struggles to reverse the perception that it has sacrificed security for convenience in developing its operating systems software.

Microsoft has been criticized by computer security experts for creating software that too readily allows code to perform executions on Windows systems, opening the door to viruses that steal data, delete files or leave open back doors on systems for future hacking.The company also faces criticism that its Web services initiative, expected to be rolled out in the coming months, could be vulnerable to hacking by aggregating individuals’ personal information all in one place.

The white paper released on Monday and authored by Foundstone Inc. and CORE Security Technologies did not address that concern but concluded that Microsoft’s so-called .NET Framework reduces many major security risks.

Microsoft’s .NET Framework will be used by developers to write applications for Web services under which software will be available online as a service to anyone using any device. Sun Microsystems Inc. and Oracle Corp. are developing competing Web services technology.

Prior Microsoft applications have proven susceptible to common security holes that have been used by virus writers and others to get into systems.

Those include the so-called “buffer overflow” — used in the Code Red Internet worm — in which a malicious hacker overwhelms a computer with data during a routine communication and the data overflows into a sensitive memory area where it can run wild.

When it is released around the end of the year .NET software will automatically check the code and determine whether it should be allowed to perform the operation it is requesting, said Mike Kass, product manager for Microsoft’s .NET Framework.

“When you load a program, it gathers evidence of where it came from and who wrote it. If you are a system administrator you can fine-tune these permissions,” said Kass. “With the .NET Framework we’re going to take the burden off the end user.”

Reuters

 

 
Write to the Editor
Mail this story
Print this story
 
 
 
   
 
About Us | Advertise With Us | Privacy Policy | Feedback
© 2001: Indian Express Newspapers (Bombay) Ltd. All rights reserved throughout the world.