At Microsoft's recent Ignite conference for IT professionals, Microsoft executives unveiled new security measures and services, and called out competitor Google for lax security practices.
“Google takes no responsibility to update their customers’ devices, leaving end-users and businesses increasingly exposed every day they use their Android devices,” said Terry Myerson, Microsoft’s executive vice president of operating systems. “Google just ships a big pile of code, and then leaves you exposed with no commitments.”
Microsoft is refining how it distributes security updates, starting with the upcoming releases of Windows 10 and Office 2016, Myerson said.
Changes to Update Protocols
Currently, Microsoft sends updates for Windows on the second Tuesday of each month on "Patch Tuesday." Many consumer machines are configured to download and apply the patches automatically, but enterprises may prefer to control the update process with Microsoft’s System Center Configuration Manager.
With Windows 10, consumers can now get security updates as they are released from Microsoft, along with other updates and new features, resulting in a “steady stream of innovation every month,” Myerson said.
Businesses can choose to get their updates as soon as they arrive, or wait to see if the patches cause any additional issues first. Microsoft will also offer the option to receive security updates only, not new feature updates, which offers organizations more control without exposing them to security gaps.
Administrators can now specify when they want patches to be applied, so the patches aren’t deployed during a busy time, or at when machines may be shut down. For organizations with limited bandwidth, Windows 10 computers can share the updates in a peer-to-peer network, rather than downloading patches for each machine.
New Services from Microsoft
In addition to updating the patching process, Microsoft also unveiled a number of new services to help better secure systems against data leakage and compromised identities:
• Device Guard limits the computer to running only applications that have been administrator approved to run on that machine. This safeguard could prevent the user from unwittingly installing malware, thinking it came from an approved source.
• Azure Rights Management Services is a service designed to guard against corporate data leakage. This service provides the ability to protect access to files, even after they leave the individual computer. Before sending a file to someone, a user can specify what permissions that recipient has with that file. The sender can specify, for instance, if that file can be forwarded to additional parties. The sender can even revoke access to the document after it is sent out.
• Microsoft Advanced Threat Analytics provides a simple way for organizations to identify network intruders. It's based on technology developed by Israeli startup Aorato, which Microsoft acquired in November. This service can show that someone is using a brute-force attack to compromise a user account, when that account was breached and can then follow any additional actions on other machines.
These updates and service offerings give peace of mind to network administrators who must constantly remain alert to new and dangerous security threats.