Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Database

    Yukon to Ship with Features Securely Off

    By
    Lisa Vaas
    -
    February 25, 2004
    Share
    Facebook
    Twitter
    Linkedin

      In an effort to make it more secure, Microsoft Corp.s “Yukon” version of its SQL Server database will ship with certain features turned off, according to Microsoft Director of Product Management for SQL Server Tom Rizzo, in Redmond, Wash.

      Rizzo said that, while its too early to say exactly which features will be turned off, core functionality features will be left on in order to ensure that getting the database running out of the box wont be a nightmare. “We dont want you to go to install it and find it wont work out of the box,” he said.

      Microsoft engineers are also working to ensure that customers wont have to go through painful gyrations to turn on the turned-off features. “New functionality—extensions and things that make the server even better—well turn off by default, but well make it easy to turn those back on. We dont want customers to say, Hey, I like XYZ feature, but I have to go through this nightmare process to turn it on.”

      There are signs that the second beta of “Yukon” (which is the code name for Microsoft Corp.s update of its SQL Server database), originally expected in late spring or early summer, is already well on its way.

      While Beta 1 is a closed beta for past testers and certain customers only, Beta 2 will be public, and people interested in Yukon will be able to participate in Microsofts Customer Preview Program.

      Next page: Screwing the lid down on SQL Server.

      Securing SQL Server


      While customers await Yukon, however, SQL Server itself has been getting more secure, Rizzo said. Microsoft has been spending extra money on security, as executives acknowledged during the companys second-quarter financial conference call, with much of the funds getting pumped into educating developers and customers.

      One security-related educational venture has been the recent launch of the new Security Guidance Center on Microsofts TechNet site. Launched about two weeks ago, the Center is a portal for all things security-related that might concern SQL Server customers. Security-related funds are also going to other initiatives, including Webcasts, written articles and other educational ventures for outside partners and customers, Rizzo said.

      Rizzo also pointed to Microsofts automated Baseline Security Analyzer tool as proof that the company is helping customers to secure SQL Server. Released some two years ago, this free tool seeks out unpatched Windows systems and applications on networks, then tells users what they need and where to find patches. Finally, the company is aiming to come out with a SQL Server-specific update feature similar to its current Windows Update, which notifies users when patches or drivers are available, though a release date has yet to be determined.

      Customers are clamoring for such a feature in hopes that it could protect them from catastrophes such as that wrought by Slammer. Slammer, a SQL Server worm that brought down the Internet some 13 months ago, preyed on machines that lacked a patch that had been available for some time. As a result, many small to medium-sized businesses with small and/or overworked IT staffs voiced need for some help with patch management.

      /zimages/5/28571.gifTo find out how patch mismanagement fueled Slammer, click here.

      Next page: More people, more strategy around adding features.

      Securing the Design Process


      Microsofts security efforts have borne fruit. For example, SQL Server 2000 has only had one critical alert since Service Pack 3 shipped over a year ago.

      For its part, Yukon is being designed using a three-part process. First, Microsoft sends program managers, developers and testers through security training so theyll understand what the most common types of flaws are in developers code. Such common flaws include opening ports, buffer overruns and integer overruns, Rizzo said.

      Next, as product features are being designed, product managers follow a ritual of asking security-related questions about the feature, such as, whats the security of this feature? Does it open ports? And, is it vulnerable to injection attacks?Only then are developers free to go off and build a given feature.

      The third leg of security comes in with the use of automated tools that scan each line of code, plucking out commonly made mistakes. Such automated tools are a help. Line-by-line, manual code analysis was performed on SQL Server 2000 and 7.0—a process that took some three months, Rizzo said—back when Microsofts security push resulted in Service Pack 3.

      Microsoft has also been staffing up its SWAT teams, which consist of ethical hackers who try to crack Yukon and other SQL Server versions. Rizzo said that recently Microsoft added “a whole bunch” of ethical hackers to the SQL Server team but declined to name how many new staffers were brought on-board.

      “Of the 1,000 people who work on SQL Server, securitys top of mind,” he said. “Even though we have a SWAT team, everyones on the SWAT team.”

      /zimages/5/28571.gifCheck out eWEEK.coms Database Center at http://database.eweek.com for more database news, views and analysis.

      Be sure to add our eWEEK.com database news feed to your RSS newsreader:
      /zimages/5/19420.gifhttp://rssnewsapps.ziffdavis.com/eweekdatabase.xml

      Lisa Vaas
      Lisa Vaas is News Editor/Operations for eWEEK.com and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on eWEEK.com, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×