News

The Sounds of Security

Forget .NET. Sayonara, Web services. What Microsoft really wants you to know about its products these days is that you can trust them.

• By Keith Ward
• 02/21/2003

Analysis: Redmond announced in January that Windows .NET Server 2003 was being shrunk to Windows Server 2003. Industry analysts and others, including Microsoft, have stated that the name .NET was only confusing people. True enough. .NET has undergone something of a metamorphosis in meaning, from the early days when the catchphrase was “software as a service,” and Microsoft hoped (and still hopes) that companies will want to use applications over the Internet, paying a monthly fee for their usage and building revenue streams to die for. There isn’t much talk of that nowadays; the buzzword now is “Web Services,” a world in which software talks to each other seamlessly and sends an alert to your iPaq when the Exchange server craps out.

But if you listen closely, it’s hard to hear that buzz these days. Instead, you’re much more likely to hear screams about “secure computing,” “trustworthy computing” and “secure out of the box.” As Microsoft has turned down the volume on .NET, they’ve pumped it up to ear-splitting levels on security.

For example, Gates said in a recent “Executive E-mail” (http://microsoft.com/mscorp/execmail/) that his company spent more than $200 million in 2002 on security initiatives, the biggest portion coming in a code review and retraining that took programmers away from their normal jobs for large chunks of time. And although Windows 2003 is the first OS to take complete advantage of the Web services framework and be fully XML-compliant, more time is spent trumpeting its “secure by design” features.

So, the question is: Has the Trustworthy Computing initiative resulted in more secure products a year later?

• Our February issue picked apart IIS 6.0 and found it infinitely better in terms of security than IIS 5.0. There are companies using it on production servers, and they’re mostly raving about its security.
• Windows 2003 has been delayed by more than half a year; and for a change, the delay was caused by security upgrades rather than added features. Initial response from beta testers is a thumbs-up for security.
• Another provocative nugget: Analyst firm Aberdeen Group reported recently that more security advisories were issued by Carnegie-Mellon’s Computer Emergency Response Team (CERT) last year for Unix and Linux than for Windows.

Although Microsoft knows it needs to sell the promise of .NET and has, in fact, many offerings in the pipeline, an even greater concern at the moment is building trust among its core IT constituencies—that would be the millions of you MCPs, MCSAs, MCSEs and so on out there, using technology every day to keep networks running and secure. Redmond wants you to know that you can trust the sound of its voice—and ignore those other voices that sound strangely like penguins.