When it comes to securing the Windows operating system, Microsoft's senior vice president Bob Muglia said he'd like to think that the company has made great strides and that the darkest days of system security are already in the past.
"I do believe in my heart of hearts that the worst is behind us," he said in an interview at TechEd 2005 in Orlando, Fla., last week.
"Several years ago, we had some issues that were serious, and we took them seriously," Muglia said. "For the past year, something on the order of 40% to 50% of our resources have gone into making our systems more secure."
WSUS billed as a patching time-saver
At TechEd, Microsoft released the long-awaited successor to Software Update Services. Now branded Windows Server Update Services (WSUS), this free technology gives customers one means of patching several servers in the Windows family, including Windows XP Professional, Windows 2000, Windows Server 2003, Microsoft Office XP, Office 2003, SQL Server 2000, SQL Server 2000 Desktop Engine and Exchange Server 2003. Support for additional products will be added over time.
The tool is considered ideal for customers who don't require an enterprise management system with the scope of Systems Management Server to update their systems. "I'm pleased to be shipping WSUS and Microsoft Update," Muglia said. "That infrastructure is remarkable. When we shipped a set of updates for Windows XP, within 72 hours, 150 million machines get updated."
"What we've been missing is the control for the medium [-sized] business which WSUS provides, as well as the ability to get that to all the other products like Office and Exchange," he added.
WSUS is only the latest in major security updates for Microsoft. Since last year, Microsoft has released Windows XP Service Pack 2 and Windows Server 2003 SP1, which added numerous security features for desktops and servers, respectively.
Third parties will help secure Windows
There is still no shortage of security threats, however. And the types of security challenges companies will face in the future will be far more varied than just virus defense. "There are all sorts of issues that exist, if not just widespread viruses," Muglia said.
For example, identity theft is a big problem, he said, particularly when it comes to making sure that employees have access to resources they should have, and to nothing else. To secure Windows against new threats, Microsoft will need the help of its partners to create ancillary technologies, Muglia said.
Microsoft also plans to continue to build new security features into future editions of the Windows client and server. One key feature expected in the Longhorn version of Windows Server is the ability to lower user privileges, so users can run a PC without being in administrative mode. Longhorn will also include integration with technologies based on the "Next-Generation Secure Computing Base," an industry security initiative that will be built into chips made by Intel Corp. and Advanced Micro Devices Inc.
Credit given for progress made by Microsoft
IT executives praise the improvements to Windows Server, particularly the out-of-the-box security features, versus what existed several years ago prior to the company's Trustworthy Computing Initiative. "They are more in control today," said Roger Thibodeau, chief network architect at Royal & Sun Alliance USA Inc., in Charlotte, N.C. "Two years ago, it was horrendous, but they've put a focus on it and now it's looking much better."
But whether Microsoft can keep ahead of new vulnerabilities as well as tackle other problems may be another matter. "I can't say whether the worst is over, mainly because we cannot see into the future," said Clyde Johnson, senior network and systems administrator at HCC Aegis, an environmental equipment supplier and division of HCC Industries, in Los Angeles. "I can look behind and say, 'ewww' -- but everyone has good 20-20 hindsight. Microsoft has to keep its eye on the ball."