The Sounds of Security

Forget .NET. Sayonara, Web services. What Microsoft really wants you to know about its products these days is that you can trust them.

Analysis: Redmond announced in January that Windows .NET Server 2003 was being shrunk to Windows Server 2003. Industry analysts and others, including Microsoft, have stated that the name .NET was only confusing people. True enough. .NET has undergone something of a metamorphosis in meaning, from the early days when the catchphrase was “software as a service,” and Microsoft hoped (and still hopes) that companies will want to use applications over the Internet, paying a monthly fee for their usage and building revenue streams to die for. There isn’t much talk of that nowadays; the buzzword now is “Web Services,” a world in which software talks to each other seamlessly and sends an alert to your iPaq when the Exchange server craps out.

But if you listen closely, it’s hard to hear that buzz these days. Instead, you’re much more likely to hear screams about “secure computing,” “trustworthy computing” and “secure out of the box.” As Microsoft has turned down the volume on .NET, they’ve pumped it up to ear-splitting levels on security.

For example, Gates said in a recent “Executive E-mail” ( that his company spent more than $200 million in 2002 on security initiatives, the biggest portion coming in a code review and retraining that took programmers away from their normal jobs for large chunks of time. And although Windows 2003 is the first OS to take complete advantage of the Web services framework and be fully XML-compliant, more time is spent trumpeting its “secure by design” features.

So, the question is: Has the Trustworthy Computing initiative resulted in more secure products a year later?

  • Our February issue picked apart IIS 6.0 and found it infinitely better in terms of security than IIS 5.0. There are companies using it on production servers, and they’re mostly raving about its security.
  • Windows 2003 has been delayed by more than half a year; and for a change, the delay was caused by security upgrades rather than added features. Initial response from beta testers is a thumbs-up for security.
  • Another provocative nugget: Analyst firm Aberdeen Group reported recently that more security advisories were issued by Carnegie-Mellon’s Computer Emergency Response Team (CERT) last year for Unix and Linux than for Windows.

Although Microsoft knows it needs to sell the promise of .NET and has, in fact, many offerings in the pipeline, an even greater concern at the moment is building trust among its core IT constituencies—that would be the millions of you MCPs, MCSAs, MCSEs and so on out there, using technology every day to keep networks running and secure. Redmond wants you to know that you can trust the sound of its voice—and ignore those other voices that sound strangely like penguins.

About the Author

Keith Ward is the editor in chief of Visual Studio Magazine.

comments powered by Disqus

Reader Comments:

Fri, Feb 28, 2003 Anonymous Anonymous

>>> an even greater concern at the moment is building trust among ... the millions of you MCPs, MCSAs, MCSEs and so on ----- If MS wants to build trust with its certified professionals, then it should stop lying to them every chance it gets regarding changes to its certification programs. Microsoft stated that its W2K exams would be apllicable for .NET certification but as soon as the .NET release drew near - surprise! MS pulled the rug out from under them by changing the rules at the moment. So it's had its own professional base studying for exams for the past year that will NOT apply to the .NET cert program. Trustworthy? Not on a bet. MS can't even be honest with the people selling and installing its products, what makes anyone believe their commitment to anyone else counts for anything? And every time they pull this crap, the Linux user base grows....

Fri, Feb 28, 2003 NoMoreAfterNT4 Anonymous

The Sounds of Security Bulletins is most likely what you'll get. It's funny how companies fell into the M$ money trap to leave what was IMHO the best NOS out there in Novell. It was rare indeed to recieve a "Security Bulletin" from Novell (Maybe once every 2 months) where with M$, I recieve anywhere from 4-10 Security Bulletins a MONTH! As a matter of fact, I recently went through my e-mail saves of M$ SB's and in just over 2 years I have recieved OVER 200 Security Bulletins. So to me, an IT professional with over 10 years of experience, when M$ mentions the word Security, I tend to shudder because it's usually a Security Bulletin and I have more work to do patching my employer's servers and workstations. If it weren't for all of this extra work, I might even have time to study for more certification tests. I have still yet to see Microsoft mention on their tests about their Security Bulletins or even in their MOCs when this is real world stuff. If a would-be employer wanted to iron out a 'paper tech' from an experienced one, the one question that should be asked is, "When was the latest M$ Security Bulletin released?", and to that I would answer, "MS03-006, released two days ago!".

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.