SAN FRANCISCO—The upcoming release of Windows Server 2003 is a watershed event, not only for the Windows group, but also for the security team at Microsoft Corp.
Company executives have made it quite clear over the last few months that the next version of the flagship operating system will be a key test for the processes and improvements made as part of the Trustworthy Computing initiative.
In fact, Dave Aucsmith, chief technology officer of the Security Business Unit at Microsoft, based in Redmond, Wash., said if the OS is found to be as vulnerable as previous versions of Windows, it will mean that the companys model for improving security "was wrong."
However, folks in Redmond arent just holding their breath and hoping for the best. The company has made some major changes to Windows that executives believe will begin to turn the tide in the battle against vulnerabilities and other quality problems.
One key security improvement in Windows Server 2003, set for release April 24, is a feature that checks the configuration of user PCs as they connect to the network. If the machine is not configured properly, i.e., doesnt have updated anti-virus signatures or a personal firewall installed, the software can quarantine the machine on a private segment of the network until it is reconfigured. Some third-party vendors sell similar solutions as add-ons to Windows, but this will be the first time that such a capability is included in the OS itself.
As part of the security push that all Microsoft products now go through, the companys internal penetration testers developed some innovative tools to attack new applications.