IBM said it found surprising improvements in Internet security such as a reduction in application security vulnerabilities, exploit code and spam, but it also noted that those improvements come with a price: Attackers have been forced to rethink their tactics.

Online criminals are scanning the Internet and attacking Windows 2000 machines that haven't had a recent Windows Media Service patch installed, Symantec said Wednesday.

Microsoft took the unusual step today and skipped patching one of the vulnerabilities addressed in its monthly security update, saying that crafting a fix was "infeasible."

Symantec has posted a software fix after hundreds of users reported problems with a buggy update of the company's flagship Norton AntiVirus software.

A common misconception is that a shiny new computer is more or less secure because it hasn't yet been exposed to the Internet's sinister underbelly. But the truth is, these machines come out of the box needing scores of patches, some basic security software downloads and the disabling or replacing of items security pros don't typically trust.

When I first started writing about information security five years ago, all a writer had to do was mention Microsoft in the same headline space as "security vulnerability" to strike page-view gold. In 2004 Microsoft was a couple years into its Trustworthy Computing Initiative but it remained the software company IT security practitioners hated with glee.