Ballmer calls security 'defining moment' for Microsoft

Microsoft CEO Steve Ballmer yesterday outlined an ambitious road map for better ensuring the security of his company's core products, during his keynote speech at the company's annual partner conference in New Orleans.

Beginning this month and continuing through most of next year, Microsoft will deliver a series of products and technologies to simplify its multiple patching strategies and make them more consistent for all operating systems from Windows Server 2000 on, and will deliver a new version of its Windows XP Service Pack containing multiple security improvements. Starting today, the company is launching a new Web site to serve as a clearinghouse for all Microsoft security products and services.

Ballmer also showed off new tools including a free Software Update Services 2.0, to be released in the first half of next year, which will provide a seamless patch, scanning and installation experience for SQL Server, Office, Exchange and Visio users and administrators.

The company will also consolidate down to two the number of patch installers for Windows 2000-generation products by the end of next year's first half, deliver a rollback capability for all new patches, and reduce downtime by requiring 30 per cent fewer reboots during deployment.

Microsoft's new patching strategy is designed to reduce the complexity of patch management and includes a new process for patch distribution. The company will move to monthly patch releases, thereby introducing more predictability and manageability to the process, according to Ballmer. Ballmer added that the company is extending security patch support for Windows NT Workstation 4 Service Pack and Windows 2000 Service Pack 2 through June 2004.

The new safety technologies help users be more effective in protecting systems from malicious attacks even if patches do not yet exist or have not been installed, Ballmer said. These technologies will first ship in Service Pack 2 for Windows XP and also in Service Pack 1 for Windows Server 2003.

The security improvements for Windows XP will focus on protections against four types of attacks, according to Ballmer, including port-based attacks, malicious Web content and buffer overruns. The improvements to be made in Windows Server 2003 will better enable remote access connection client inspection and intranet client inspection designed to help protect corporate networks from viruses picked up by laptops and other mobile devices.

The redoubled effort to beef up its security strategies on multiple fronts is one of the top three or four defining moments in the company's history, Ballmer said, comparing it to the company's decision to dramatically redirect its Internet strategy in 1995 and to finally working out its long-running legal wrangling with the Department of Justice.

"The security issue is one more important defining moment for us. The industry's ability to go on to do important and innovative things is being threatened by the lack of secure environments," Ballmer said.

Ballmer said people creating worms are not hackers but criminals and that the threat of jail must be made more clear to them. He said Microsoft is more aggressively pursuing joint efforts with various law enforcement agencies to bring such hackers to justice.

"The crimes these people (hackers) are committing is the same as blowing up a building with no people in it," Ballmer said.

Viruses are becoming increasingly sophisticated, and the time between the delivery of a patch from Microsoft and the point at which hackers figure out workarounds is becoming dangerously short. In the case of the Blaster virus it was 25 days, Ballmer said.

"When it gets down to five or 10 days a lot of our users will be in a tough position. Their (hackers') exploits are getting more sophisticated," Ballmer said.

Besides simplifying its patching process and adding a variety of technologies to its core products, Microsoft will embark on an extensive road show to better educate as many as 500,000 users through conferences over the next 12 months on security issues and potential fixes from Microsoft and its network of ISVs and partners.

For further information on Microsoft's new partner initiative, see next week's ARN.