RSSUS Govt. to Test Windows Patches Early
By Nate Mook | Published March 11, 2005, 11:54 AM
The U.S. government will join select partners of Microsoft in receiving security patches up to a month before they become generally available. The early-access program, already available to some customers, provides beta test versions of patches so customers can be prepared when vulnerabilities are publicly disclosed.
Microsoft signed a $500 million software deal with the Air Force last year, which stipulated that the Air Force will join the Security Update Validation Program and test patches before they are officially released. In turn, the military will become a beta tester for Microsoft's updates.
According to the Wall Street Journal, the Air Force will first receive the pre-release patches, which, following testing, will be distributed to other government agencies by the Department of Homeland Security. The goal is to allow the U.S. government to stay ahead of hackers who prey on disclosed flaws in Windows that are not yet patched.
Normally, it can take weeks of preparation before an update can be fully rolled out in a large organizations, such as the Air Force's 700,000 computers. But now, government agencies will know the patch has been fully tested by the time it is posted for download.
Microsoft was clear that the Air Force will not receive mission-critical security patches before any other customer. Rather, it will serve as an external evaluation team with "limited and controlled access to security updates to test for application compatibility, stability and reliability in simulated production environments."
"Microsoft then incorporates feedback from the program into the development of the final security updates," a company spokesperson told BetaNews. "The end result of this program is higher quality updates for customers to help ensure timely and effective deployment of updates."
"If these customers get test builds, they're really giant beta testers, and this isn't a situation where Microsoft is sitting on the patches for a month before distributing them broadly," added Jupiter Research senior analyst Joe Wilcox.
Government agencies aren't the only participants selected for Microsoft's Security Update Validation Program. Large corporate customers such as General Motors also beta test security patches for Redmond. Microsoft did not disclose how many participants are involved in the program, but said it was a "small number."
Microsoft recently launched several security notification initiatives in the face of increasing pressure from customers. In February, the company announced the Security Cooperation Program, which provides governmental organizations with information on vulnerabilities not yet available to the public.
For testing and certification purposes, Microsoft has also provided governments and certain groups limited access to Windows and Office source code.
Let's hope they do this better than the way they implemented necessary security updates in the past, you are talking about 700K + computers for the Air Force alone. The DoD (and the Air Force) had been notorious for failing to keep computer systems up to date with required patches.
Score: 0
|The ultimate downfall of Windows Operating systems will be it's policy of using the secrecy of it's source code as a protection against threats. Eventually, maybe not this year, maybe not next, the source will leak on a MS OS that is either it's current servers OS or it's client OS and it will let the cat out of the bag. MS absolutely depends on the privacy of the Source code to keep them secure. As we saw with the leak of NT4/early W2K source, holes were found immediately and exploits released within days. Can you imagine a situation where hundreds of millions of PC's become vulnerable within days of each other?
This isn't a Linux vs. MS debate, but Linux and now Solaris have openly reviewable Source. What is exposed today is out there now and hackers are pounding away at it. They do find vulns... but they quickly get patched and it makes the code tighter bit by bit.
Score: 0
|Oh shouldn't we all feel safe. We know how bad Windows security is.. and here our government which is supposed to protect all our personal information, is using it. Great. Just dandy.
Though I guess it's finally good they're trying to worry about Windows security.. though they're a bit slow..
Score: 0
|Windows is not that bad, it has security flaws as do all operating systems... Linux probably has the same amount buy nobody bothers to hack Linux so they are said to be more secure... The computers security mainly is relays on you're security software, I’m sure the U.S. government has custom security software, that they have a team working on all the time... And if you don't like Windows, what are you doing reading this topic about Microsoft?
Score: 0
|I don't like Microsoft all that much but it pays my bills. I like to read about what MS is up to. What *do* i like about MS?
I like WUS and SUS. Those free products really will help small/medium sized businesses keep up to date with minimal expense.
I like MSN messenger. I have used every Client out there and I find it the least bloated and the most functional.
I fail to see your logic where one who doesn't agree with something can't read or comment about said product/company.
Score: 0
|I said the same thing about msn messenger until I started using trillian. Now I can run ICQ, MSN, AIM, and msn as well as irc and jabber all from one client which is smaller lighter and faster than any one of those bloatware clients
Score: 0
|and I use GAIM # http://gaim.sourceforge.net #, which is similar, but I used Linux also, so I chose gaim because there is a version for win & linux. also there is no payware/freeware version, it's all free.
Score: 0
|I have used Gaim on my linux system.. wasnt aware there was a windows version. :)
Score: 0
|