July 29, 2010

Software Rivals Joining Forces To Fight Hackers

Microsoft announced at a major computer security conference that teamwork between technology rivals is paying off in the perpetual arms race with hackers.

"As we look at the industry, we see this continued need for shared responsibility," said Microsoft Trustworthy Computing Group director Dave Forstrom. "We must work together."

Microsoft unveiled its findings at Black Hat computer security conference in Las Vegas.

There were 65 companies worldwide taking part in the Microsoft Active Protections Program (MAPP) for early access to the technology giant's security updates.

"MAPP shifted the competitive advantage from attackers to defenders," Forstrom said.

"Before MAPP, we released vulnerability patches on Tuesday and immediately there was a race with the hackers trying to reverse-engineer and attack, and IT guys working to put in patches."

Hackers achieve an "attack window" when companies release software fixes to everyone at the same time.  This window remained open until computer users applied upgrades or patches.

The MAPP program allows "good guys" to have a head start building or installing patches or fixes before hackers target the vulnerabilities.

Microsoft's other initiatives include indexing how dangerous bugs are so businesses can prioritize responses and check for vulnerabilities.

Adobe signed on to the MAPP program and is using the network as a conduit for details about updates or patches for its Flash and Reader software.

"Vendors had to wait for the day we published an update, then begin a foot race with bad guys who try to leverage attacks," Brad Arkin, senior director for product security and privacy at Adobe, told AFP news.

"It is all about narrowing the window of vulnerability. The success of the MAPP program has demonstrated to us it is worth it."

He said that since becoming part of the MAPP, it has taken his team considerably less time to learn about new software attacks.

"Customers aren't concerned about competitive differences," Forstrom said. "They want to know how software vendors out there are working together and have their backs."

Forstrom compared the program to U.S. "Neighborhood Watch" in which neighbors form tightly knit groups united against crime in their communities.

"Cops were not able to keep up with crime so they involved citizens with law enforcement," Forstrom said. "We see the same thing in the online landscape. These criminals are invading our homes, our businesses and our privacy."

Microsoft proposed a standard last week that would call on those who discover software bugs to give program creators chances to fix the flaws before announcing it to the world.


On the Net: