BOSTON—Microsofts transformation from pariah to trendsetter in the information security sector is slowly beginning to sink in, but users are mixed about hopping on the bandwagon.
At the TechEd 2006 conference here, the software maker worked overtime to convince the world that security is really its No. 1 priority.
So far, with a few rare exceptions, customers and developers are buying it, but it remains to be seen if Microsoft can win the security game.
In the meantime, Microsoft is working diligently to be seen as a security player. On the TechEd show floor, Vistas security goodies were front and center with booths showcasing UAC (User Account Controls), a key operating system tweak aimed at countering the malware epidemic; BitLocker, a hard drive encryption tool; and new technologies for network access protection and smart card deployments.
Microsoft also introduced its Ben Fathi as its new security czar and expanded its evangelism of the SDL (Security Development Lifecycle), a collection of high-level security principles and procedures covering every stage of software creation.
And the software giant is even making friends with the hacker community. It announced it would showcase Vista at the annual Black Hat hacker conference.
Toss in internal Blue Hat hacker meetings and a wide range of top-level changes to its incident response mechanism and Microsoft is boasting about its Trustworthy Computing initiative.
Customers have noticed. "Im very impressed with everything Ive seen and heard, and Im convinced its not just lip service," said Colin Johnson, a microcomputer network administrator at Northeastern University.
"Im now convinced theyre the best game in town when it comes to being upfront and straightforward about how they are dealing with security."
While Johnson, who manages the universitys Computer & Information Science College network in Boston, said he acknowledges Microsofts strides, he said he has concerns that security will always be a lose-lose scenario for the worlds largest software maker.
"Theyre fighting against a moving target, and all the while, they are becoming a bigger sitting target [for attackers]. Just like XP SP2 made things more secure, Vista will make things more secure. But that doesnt mean people wont be throwing stones," Johnson said.
"Two years from now, we could well be back at TechEd hearing the same message that Microsoft is prioritizing around security. Thats just the way the industry works these days," Johnson added.
Johnson wasnt alone with his qualified praise.
Most attendees interviewed by eWEEK acknowledged Microsofts progress to beef up Windows security since the release of Windows XP SP 2 (Service Pack 2).
"At first, I thought they were just working on their image, but XP SP2 turned out to be a big deal. Yes, theres still a malware problem, but compared to 2003, were in a better place," said Steve Scerpa, an AJAX developer for a small Minnesota-based IT shop.
Scerpa, who spent at least two hours at the TechEd hands-on labs examining Vistas security upgrades, says UAC will significantly move the goalposts in the fight against virus, spyware and rootkit infections.
"When the concept of a standard user becomes universal, it will blunt the attacks were seeing today. Yes, the attackers will eventually shift course, but for whats out there today, UAC is a game-changer," he added.