Microsoft Corp.'s new Web services software will allow developers to create secure applications more easily and screen out the kind of unauthorized commands that are commonly used by malicious hackers, according to a review commissioned by the company.
The release of the security review extends a marketing and technology offensive by Microsoft as the software giant struggles to reverse the perception that it has sacrificed security for convenience in developing its operating systems software.
Microsoft has been criticized by computer security experts for creating software that too readily allows code to perform executions on Windows systems, opening the door to viruses that steal data, delete files or leave open back doors on systems for future hacking.
The release of the security review extends a marketing and technology offensive by Microsoft as the software giant struggles to reverse the perception that it has sacrificed security for convenience in developing its operating systems software.
Microsoft has been criticized by computer security experts for creating software that too readily allows code to perform executions on Windows systems, opening the door to viruses that steal data, delete files or leave open back doors on systems for future hacking.
The company also faces criticism that its Web services initiative, expected to be rolled out in the coming months, could be vulnerable to hacking by aggregating individuals' personal information all in one place.
The white paper released on Monday and authored by Foundstone Inc. and CORE Security Technologies did not address that concern but concluded that Microsoft's so-called .NET Framework reduces many major security risks.
Microsoft's .NET Framework will be used by developers to write applications for Web services under which software will be available online as a service to anyone using any device. Sun Microsystems Inc. and Oracle Corp. are developing competing Web services technology.
Prior Microsoft applications have proven susceptible to common security holes that have been used by virus writers and others to get into systems.
Those include the so-called "buffer overflow" -- used in the Code Red Internet worm -- in which a malicious hacker overwhelms a computer with data during a routine communication and the data overflows into a sensitive memory area where it can run wild.
When it is released around the end of the year .NET software will automatically check the code and determine whether it should be allowed to perform the operation it is requesting, said Mike Kass, product manager for Microsoft's .NET Framework.
"When you load a program, it gathers evidence of where it came from and who wrote it. If you are a system administrator you can fine-tune these permissions," said Kass. "With the .NET Framework we're going to take the burden off the end user."
Foundstone has been analyzing the .NET technology for over a year.
News source: Reuters - Microsoft Touts Tightened Security of Web Services
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.