The Sounds of Security
Forget .NET. Sayonara, Web services. What Microsoft really wants you to know about its products these days is that you can trust them.
announced in January
that Windows .NET Server 2003 was being shrunk
to Windows Server 2003. Industry analysts and others, including Microsoft,
have stated that the name .NET was only confusing people. True enough.
.NET has undergone something of a metamorphosis in meaning, from the early
days when the catchphrase was “software as a service,” and Microsoft hoped
(and still hopes) that companies will want to use applications over the
Internet, paying a monthly fee for their usage and building revenue streams
to die for. There isn’t much talk of that nowadays; the buzzword now is
“Web Services,” a world in which software talks to each other seamlessly
and sends an alert to your iPaq when the Exchange server craps out.
But if you listen closely, it’s hard to hear that buzz these days. Instead,
you’re much more likely to hear screams about “secure computing,” “trustworthy
computing” and “secure out of the box.” As Microsoft has turned down the
volume on .NET, they’ve pumped it up to ear-splitting levels on security.
For example, Gates said in a recent “Executive E-mail” (http://microsoft.com/mscorp/execmail/)
that his company spent more than $200 million in 2002 on security initiatives,
the biggest portion coming in a code review and retraining that took programmers
away from their normal jobs for large chunks of time. And although Windows
2003 is the first OS to take complete advantage of the Web services framework
and be fully XML-compliant, more time is spent trumpeting its “secure
by design” features.
So, the question is: Has the Trustworthy Computing initiative resulted
in more secure products a year later?
- Our February
issue picked apart IIS 6.0 and found it infinitely better in terms
of security than IIS 5.0. There are companies using it on production
servers, and they’re mostly raving about its security.
- Windows 2003 has been delayed by more than half a year; and for a
change, the delay was caused by security upgrades rather than added
features. Initial response from beta testers is a thumbs-up for security.
- Another provocative nugget: Analyst firm Aberdeen
Group reported recently that more security advisories were issued
by Carnegie-Mellon’s Computer Emergency Response Team (CERT) last year
for Unix and Linux than for Windows.
Although Microsoft knows it needs to sell the promise of .NET and has,
in fact, many offerings in the pipeline, an even greater concern at the
moment is building trust among its core IT constituencies—that would be
the millions of you MCPs, MCSAs, MCSEs and so on out there, using technology
every day to keep networks running and secure. Redmond wants you to know
that you can trust the sound of its voice—and ignore those other voices
that sound strangely like penguins.
Keith Ward is the editor in chief of Virtualization Review.