Longhorn hinges on security

Previews of Microsoft’s forthcoming server-stack software reveal a company brooding over improving its security.

At the company’s Professional Developers Conference next week in Los Angeles, developers will get an in-depth technical review of the next iteration of Windows, Longhorn. Microsoft is expected to focus attention on Longhorn’s underlying graphics and Aero, the new user interface.

At the conference, Microsoft will also deliver early beta code of Yukon, its next-generation database; Whidbey, the upcoming version of Visual Studio; and a sneak peek at Indigo, a Web services development framework under construction.

Longhorn, in particular, appears to be very much a work in progress. Company officials earlier this month dropped hints that the upcoming OS -- at least the completed server version -- will not see the light of day until sometime in 2006.

But the lofty ambitions Microsoft has for its next-generation OS, database, and development tools hinge on its equally ambitious security initiative, which was outlined by a number of top company officials earlier this month.

The new security initiative, described by Microsoft CEO Steve Ballmer as one

of the top three or four “defining moments” in the company’s history, will weave “safety technologies” into the company’s core set of products and will simplify the company’s patching strategy, emphasizing collaboration with Windows application developers and business partners in an effort to deliver bulletproof solutions.

“Many of our customers view the security problems in Microsoft’s products as the single biggest stumbling block to adopting these technologies for their mission-critical applications. Unless these problems are solved, it will be very difficult for [Microsoft] to gain wide acceptance of their enterprise applications,” said Vijay Lal, director of product marketing at NetManage.

Many developers and corporate users agree. The severity of Windows’ security problems -- both current and future -- is enough to make them seriously contemplate other, more secure OSes.

“[Microsoft] appears pretty serious about curing the security ills they have, but I don’t know if I want to wait until we are well into 2004. We have been looking at some Linux-based things lately to see if they can give us what we need to run things more securely,” said Tom Gianetti, a systems analyst at a large financial services company in Boston.

Even as Microsoft redoubles its efforts to close Windows’ holes, just last week four new bugs were discovered in Windows Server 2003. The bugs are associated with buffer overflow, the chief technical means that hackers exploit to unlock doors to corporate networks.

Some analysts agree that the more time Microsoft takes in delivering ironclad solutions, the more incentive customers have to consider other OSes. But given the sheer mass of Microsoft’s installed base and its ongoing responsibility to deliver to this base dozens of competitive products, the company will always be constrained in its ability to build solutions quickly.

“Microsoft knows they have to fix this. To some extent they have created this issue for themselves through their own success and in the way in which they have managed their previous solutions. The only way out is to deliver on their promises,” said Chris LeTocq, an analyst at Guernsey Research.