Microsoft produces the world's most popular operating system: Windows. The big problem with being the most popular OS is that there are a hoard of vulnerabilities in software and the OS that malicious users attack to gain control of a user's computer or perform other nefarious deeds.
Microsoft was at the Black Hat conference in Las Vegas this week to provide information on the progress of some of the security initiatives that it launched last summer. The software giant was also on hand to launch new security tools and offer information to support efforts to improve security.
Microsoft's Mike Reavey said, "There's a race between attackers and defenders and if we want to win, we have to share information."
Among the software tools, that Microsoft was unveiling at the show is an application called the Microsoft Office Visualization Tool, which is designed to provide a visual representation of the Office binary file. MS says that the software is intended to make it easier for programmers to understand how attacks target Office filed. Microsoft reports that most attacks target software rather than the operating system itself. In the second half of 2008, almost half of the attacks were targeting the application stack rather than the OS.
Among the other projects, Microsoft announced at the Black Hat Conference was Project Quant. Project Quant is an online information resource to provide enterprise users with a framework to estimate the cost of patch management resources for the software and OS' they have in use. Microsoft is also publishing a report at the conference called Microsoft Security Update Guide that explains the entire security update process.
The software giant is also publishing another report called Microsoft Active Protections Program (MAPP), which supplies vulnerability information to security partners prior to the release of new security patches. Two other components discussed in the report are the Microsoft Exploitability Index and the Microsoft Vulnerability Research. Microsoft didn't mention anything at the conference about the fate of its beta consumer anti-virus software.