Microsoft Fails to Use Its Own Security Tools

NetScreen Technologies, a company that makes firewall and virtual private network hardware and software, announced this week that it had gained a major customer: Microsoft.

Microsoft's SQL Labs, the part of the company that works on Microsoft's SQL Server, is using NetScreen's 500-series security appliance to defend its network against Code Red, Nimda, and other worm attacks, according to a statement released by NetScreen. Apparently, the labs' choice was made despite the fact that Microsoft already sells its own security product touted as a defense against worms.

The Microsoft Internet Security and Acceleration Server was introduced in early 2001 and was hailed by the Redmond, Washington, company as Microsoft's first product aimed entirely at the security market. ISA Server offers such features as an "enterprise-class" firewall and a Web cache.

The selection of a third-party product to protect a Microsoft network is especially ironic because of the content of a Web page posted to Microsoft's ISA Server Web site in mid-June which lists the top ten reasons that businesses ought to switch to ISA Server. The number one reason businesses ought to switch, according to the list, is that "ISA Server is an ... enterprise firewall and secure application gateway designed to protect the enterprise network from hacker intrusion and malicious worms."

Be that as it may, the NetScreen-500 allowed Microsoft's SQL Labs to "quickly ... eradicate the [Nimda] viruses from our labs and identify infected machines outside the lab so we could notify them and effectively stop the spread," says Mark Jackson, SQL network engineer at Microsoft's SQL Labs, in the NetScreen press release.

Microsoft declines to comment further.