ORLANDO, Fla.—Windows users said actions speak louder than words when it comes to Microsoft CEO Steve Ballmers promise that Microsoft will fix the various security vulnerabilities in his companys computing platform.
In his keynote presentation Wednesday at the Gartner Symposium/ITxpo here, Ballmer asked Windows users to trust him that Microsoft would do whatever it could to fix security problems.
“Trust is not a word that I would use” in relation to Microsofts promises on security, said Paula Dallabetta, director of product marking at CreekPath Systems Inc., a storage management software producer based in Longmont, Colo.
She said she has no reason to trust Microsoft because it “hasnt delivered anything to date” that improves the security situation.
“People always joke that Microsoft has set the bottom bar in terms of security,” she said. Dallabetta said she might begin to trust Microsoft “with the delivery of a product that actually works.”
In his speech Wednesday, Ballmer said Microsoft has “learned more about security than anyone else in the world.”
“We need to focus in on a few things,” he said. “We need to engineer in fewer vulnerabilities going forward. We have new development tools to spot security vulnerabilities. We will release those to users. These tools have made a difference in [Windows] Server 2003 and [Windows] XP SP2 [Service Pack 2].”
Dallabetta said she hasnt deployed Windows XP SP2 and will rely on her companys IT department to determine whether to install it companywide. CreekPath Systems has had to contend with security issues and still has security concerns it hopes Microsoft eventually will resolve. She declined to describe in detail any security breaches the company has experienced.
It really doesnt matter whether one trusts that Microsoft will keep Ballmers promise to fix security loopholes in Windows, said Richard Warren, chief financial officer at Sterling Life Insurance Co. of Bellingham, Wash. If Microsoft doesnt manage to fix the problems, “What are you going to do about it?” Warren asked. He said most people have little choice but continue working with Windows.
But Warren said he agrees with Ballmer that Microsoft is certainly in the best position to understand the problem “because they have had the most exposure to it.”
“I believe they are committed to trying to do something to solve the problem,” Warren said. But he said a question remains about how much Microsoft or anyone else can do to solve all of the security issues.
“I think that the problem is evolving,” he said. “Its like saying that you are going to win the war on terrorism.” New security threats and avenues for attack keep cropping up, he said.
“There are always people whose mission in life is to penetrate other peoples networks,” Warren said. Hackers are always going to try to find new ways to breach computer security measures, so there is no guarantee that Microsoft is going to be able to permanently solve the problem, he said.
Sterling Life Insurance is still using Novell NetWare as its internal network operating system. Thus, it may have less concern about network security, Warren said, although it still has concerns about viruses and Internet security. As a result, he said he doesnt know whether the deployment of Windows XP SP2 is an issue in his organization.
Fran Gabriel, an end-user services specialist with the U.S Navy in Philadelphia, said she is confident that Ballmer will do what he can to solve the problems. “Like most of the key figures in the industry, he knows that the future of every vendor in the business depends” on Microsoft solving the security issues, she said.
“Clearly, his boss expects that he is going to do something about this,” Gabriel said.
Whether Microsoft will do everything that needs to be done to solve problems with viruses, Windows security loopholes and junk e-mail remains to be seen, she said. “Im sure that Microsoft as a corporate entity is taking this very seriously,” she said.
Jaap Bloem, a senior analyst at Sogeti Netherlands BV, an IT consulting and services company based in Amsterdam, the Netherlands, said he thinks Microsoft will do what it can to fix the security problems. But it remains to be seen how effective those efforts will be, he said.
“Microsoft has been pushed in the right direction, but they didnt go there voluntarily,” Bloem said. Customers and the market pressured the company to address the security issues, he said.
Security concerns were one of the issues that prompted Sogeti to consider evaluating the effectiveness of Linux running on the desktop, Bloem said. There is a good chance that the company will conduct this evaluation within the next three months, he said. But Sogeti has no plans to evaluate Linux as a server operating system, he said.
In addressing Linux, Ballmer said Wednesday that the perception that Linux is more secure is “just not true.”
“Were more secure than the other guys,” he said. “There are more vulnerabilities in Linux; it takes longer for Linux developers to fix security problems. Its a good decision to go with Windows.”
Bloems colleague Menno van Doorn, a technology manager at Sogeti, said users can get a clearer view about what Microsoft intends to do about security when the company eventually delivers the Longhorn Windows server.
Now that Longhorns shipment has been delayed for a year, the question is whether Microsoft is using the extra time to enhance server security or mainly to bolster its features and performance.