NEW ORLEANS—Microsoft Corp. CEO Steve Ballmer Thursday moved to show the thousands of partners attending its Worldwide Partner Conference here that the software titan does take security seriously and is actively working on ways to improve it.
In his keynote address, titled “Partnership, Innovation and Customer Focus,” Ballmer said there are times in any company's existence when it has to stand back and listen and then regard those as defining moments in its evolution. The current security crisis is one of those defining moments, he said.
“Our whole industry is threatened by people's fear to do new things because of security issues. Our action items include improving the patching experience, providing guidance and training, mitigating vulnerabilities without patches and continuing improving quality,” he said.
Ballmer acknowledged that the number of patches is proliferating, the time to exploit the vulnerabilities is decreasing, the exploits are becoming more sophisticated and the current approach is not sufficient. “Security is our No. 1 priority, but there is no silver bullet in this regard,” he said.
Ballmer said he wishes the security researchers “would be quiet as that would be better for the world.” But that won't happen, he added. “We are trying to work with them on how and when they disclose their information.”
Microsoft will improve the patching experience for all products from Windows 2000 onward by next May. These changes include moving to a single patching experience across Windows and all application products.
The company will also move to better quality patches and ensure rollback capabilities for all patches. In addition, its Delta patching system will enable patches to be between 30 percent and 80 percent smaller.
Downtime will also be reduced, with up to 30 percent fewer reboots, and the company will extend automation through a new update mechanism known as Microsoft Update, which will be a single point for this, Ballmer said. It was the only statement in his address to garner applause.
In his keynote, Ballmer announced the second version of Microsoft's Software Update Server, Version 2.0, which is a corporate patch deployment server and service. The latest upgrade manages Office, Windows Server System applications and Windows. “This is the corporate equivalent of Windows Update for the corporate market,” he said. It is a consistent scanning engine that will be free to all Microsoft customers and will be available in the first half of 2004.
Microsoft also is extending to June 2004 its security support for Windows 2000 SP2, Windows NT 4.0 and Workstation SP6a. And, instead of remaining on the current erratic release timeframe, it will publish monthly non-emergency patches, Ballmer said.
Microsoft is publishing a book on how “Microsoft secures Microsoft,” detailing what the company does to protect itself and its Windows clients and servers. “What we really want to do is make our customers resilient to attack even when patches are not installed. Our goal is to make seven of every 10 patches installable at the customer's own schedule as long as they had secured the perimeter,” he said, adding that Microsoft will deliver safety technologies to address this.
To address migration vulnerabilities, Microsoft will deliver its Internet Connection firewall by default and provide safer e-mail and instant messaging through more secure default settings.
Microsoft will also introduce a new version of Windows XP, known as Windows XP SP2, or “XP on steroids,” he said; it will be available in beta by the end of this year and RTM in the first half of next year.
In order to be more effective, Ballmer said Microsoft needs to understand its weaknesses and the threats to its business.
“We want to get better alignment between you and us and our partners and products. Let's get the alignment that allows us to get more effective and deliver better value to our customers. Let us also be able to better support you in delivering that benefit to the customer,” Ballmer said.
Microsoft is merging its classic partner community with the partner communities from the business solution partners from Great Plains and Navision, so together they can build the next great Microsoft business, he said.
While Microsoft will continue to think and talk volume, it will be sensitive to preserving the ability for all partners to make money and “we want our platform to be the place where you do that,” he said.
Turning to the concept of integrated innovation, Ballmer said, “I am so excited about the opportunities over the next 10 years and believe that all this talk of IT being dead is pure hogwash.”
Microsoft is committed to integrated innovation and is spending $6.8 billion in research and development. There are a number of exciting scenarios for the future, including real-time communications, collaboration, business applications, integrity and mobility.
“The truth is our products compete with other products, including open source software. If someone says Linux has better high-performance clustering capabilities, we put engineers on it and they look at how we can be better,” he said.
“There's still much, much, much to do on security. It's a journey, and we've made some progress and delivered some milestones. But we have to fight this to continue to bring innovation to bear over the next 10 years,” Ballmer concluded.