SAN FRANCISCO -- Bill Gates used the RSA Security conference Tuesday to announce the coming of Internet Explorer 7.0 and the manufacturing release of ISA Server 2004 Enterprise Edition. He also promised a more integrated Microsoft Update in beta next month to make it easier for users to install enhancements to Windows XP and 2000, Server 2003, Office 2003 and Exchange Server 2003.
Do enterprise users believe this news signals an era of truly trustworthy computing? Maybe not, but IT professionals did express cautious optimism.
"Overall, I think they're headed in the right direction," said Stephane Brochu, information systems analyst for the Quebec Cartier Mining Company. "I'm excited to see what looks like moves toward the final integration of their security products, including AntiSpyware and antivirus, eventually."
Frederic Thisdel also works for the company, helping to develop software used for mining operations. He shared Brochu's enthusiasm for the integrated approach. "As a software developer, I hope this will lead to an easier way for people to use the software we develop more securely."
But Fred Rickabaugh, CISO for Premier Inc., a Charlotte, N.C.-based alliance of non-profit hospitals and healthcare systems, said Microsoft must change its approach to software development. Until it does, he said every new security product is nothing more than window dressing.
"The people part -- software development, education and awareness -- that's what matters," he said. "At least [Gates] mentioned development. We'll have to wait and see."
Gates' speech summarized
The Microsoft chairman touted progress made this past year to bolster security, including the release of Windows XP Service Pack 2, AntiSpyware in beta and the planned acquisition of Sybari Software Inc., which specializes in protecting enterprise messaging servers from malware.
"Our primary goal is to improve security and safety for all our customers -- consumers and businesses, regardless of size -- through a balance of technology innovation, guidance and industry leadership," Gates said. "We're committed to continued innovation that addresses the threats of today and anticipates those that will undoubtedly emerge in the future."
He said Microsoft will build on the past year's progress with several upcoming releases:
Internet Explorer 7.0. Gates said the latest version of its much-attacked browser will add new levels of security to SP2 while maintaining the level of extensibility and compatibility customers have come to expect. IE 7.0 will also be better equipped to fight phishing, malware and spyware. The beta release is scheduled for summer.
An enhanced Microsoft Update. Gates said a more integrated version of its updating service will be available in beta next month. It will roll together the update process for Windows XP and 2000, Server 2003, Office 2003 and Exchange Server 2003. Gates also confirmed the final version of a free service designed for medium- to large-size enterprises, Windows Update Services, will be available in the first half of 2005. This will enable system administrators to more quickly obtain updates for a wider array of Microsoft applications and distribute them across their networks, he said.
Baseline Security Analyzer (MBSA) 2.0. Gates said this tool will help identify common security misconfigurations. MBSA will be available around the same time as Windows Update Services and will work with that service to provide more consistency in scanning and deployment.
(ISA) Server 2004 Enterprise Edition. Gates said the enterprise version of the Internet Security and Acceleration (ISA) Server 2004 has been released to manufacturing. It includes more secure remote access to essential applications for employees and partners, security-enhanced connections between branch offices and corporate headquarters, and better protection from malicious Internet traffic.
The Sybari acquisition. When the acquisition of Sybari is finalized, Redmond plans to ship a Microsoft engine based on the GeCAD technology acquired in 2003 as one of the multiple scanning engines supported by Sybari's flagship Antigen software, Gates said. He added that the Microsoft engine will be integrated into a broad consumer offering by year's end.
A better compliance tool. Gates also announced that Service Pack 1 for Windows Rights Management Services (RMS) will be better equipped to help enterprises get a handle on regulatory compliance and records management. RMS SP1 will add the ability to deploy a low-cost enterprise rights management software without a network connection to the Internet and without an operational dependency on an external entity such as Microsoft. It will also be integrated with smart-card technology for improved authentication and more efficient management of group definitions through stronger integrations with the Active Directory service.
That's particularly important to Bryan Sowell, authentication services engineer for a large Fortune 500 company. He said Microsoft's certificate management has been lacking and that has caused his company to go elsewhere for help. But the enhancements Gates outlined may be worth a closer look.
"Digital ID management is something that looks good for us," he said. "This may be an area where Microsoft can help us."