Microsoft Mulls Security In Wake Of Worm

Microsoft said Tuesday it is considering whether to sign up users of future versions of its Windows operating system to a service that automatically downloads and installs software fixes on their computers unless customers specifically opt out of the service.

No decisions have been made, but it is one way the company is considering tightening computer security in the future, after the Blaster worm and other variants infected hundreds of thousands of computers around the world since Aug. 11.

"We think it would help the safety of a lot more customers if they had the benefit of the patching there (automatically)," said Steve Lipner, director of security engineering strategy. The service would be for home users and small businesses, he said.

Microsoft has also launched a "Protect Your PC" campaign to suggest ways consumers can guard their computers against attacks such as the "Blaster" worm, which has infected hundreds of thousands of computers since Aug. 11.

The new campaign comes after the virus, also dubbed "LovSan," exploited a flaw in most versions of Microsoft's Windows operating system and infected computers around the world - slowing networks and causing frequent rebooting.

Other virus variants, including one that attempts to download the patch for vulnerable computers, are also working their way through computer networks, further snarling traffic.

Although Microsoft had posted a fix for the flaw on July 16, tens of millions of people waited until the past several days to install it, Microsoft said, based on downloads from its Windows Update Web site. The company decided to accelerate plans to promote security by launching its Protect Your PC campaign, said Amy Carroll, director of product management for Microsoft's Security Business Unit.

Starting on Tuesday, the company bought ads in several newspapers telling customers about setting up firewalls, visiting Microsoft's update site and buying anti-virus software.

It has also set up a new Web site - http://www.microsoft.com/protect - that offers step-by-step instructions for turning on existing security tools in Windows XP and suggestions for buying anti-virus protection. Microsoft is working on a video as well to post on its Web site.

In the meantime, it is also encouraging users of the most current versions of Windows to sign up for Automatic Update, in which Microsoft automatically downloads and installs software fixes for them.

Automatic updates - available for customers with Windows XP - are one way consumers can keep their software patched, said Craig Schmugar, with Network Associates' anti-virus emergency response team. But many may resist that option for a variety of reasons, he said.

Network administrators in large companies may be reluctant to allow automatic downloads, because the downloads may interfere with how other corporate programs work, he said. Ideally, they want to be able to test it before widely deploying it across their business, he said.

That can also happen on a consumer level, he said.

But "they're likely to put their trust in Microsoft to deploy the patches," he said - unless something happens in which a patch causes other applications to fail. That would be "a big hit to the confidence level."