Ballmer Launches Security Blitzkrieg

At the Momentum show on Thursday, Microsoft CEO Steve Ballmer cited the security crisis as a defining moment in company history--as threatening to its bottom line and that of its partners as the antitrust case that threatened to split Microsoft in two.

Maintaining that Microsoft has made progress with its much-ballyhooed Trustworthy Computing initiative, Ballmer acknowledged Thursday that the company has much more to do.

The Windows XP Service Pack 2, which will boast new client-side technologies designed to shield users from malicious attacks, will go into beta testing later this year and will become available by mid-2004. "This is a service pack on steroids," Ballmer told a few thousand Microsoft partners gathered in New Orleans. Service Pack 2 will incorporate an improved firewall and better e-mail filters, he said.

The Windows Server 2003 Service Pack 1, which will incorporate new inspection technologies, is due in the second half of 2004, and by May, Microsoft will launch SUS 2.0, Ballmer said.

"This is a defining moment in our evolution as a company," said Ballmer, issuing a call to arms to its solution providers, systems integrators and resellers. "Our whole industry is threatened by fear to do new things because of these security issues and the [enduring] costs to build up and maintain a security infrastructure. They're mission-critical issues to the life of the [Microsoft] organization. Partners [should] understand the centrality and priority our company is placing on security."

The product initiatives, collectively referred to as "Securing the Perimeter," received a loud round of applause from Momentum attendees at the front lines of the Windows security crisis every day.

Burley Kawasaki, vice president of business development at Bellevue, Wash.-based Equarius, said customer "preoccupation with security" must be addressed and that the Windows plans unveiled are uplifting. Added Randy Forkner, president of Collins Computing, a Microsoft solution provider based in Irvine, Calif.: "They're building a good foundation for the future."

The safety technologies aimed at Windows XP include improvements to the Internet Connection Firewall, safer e-mail and instant messaging, more secure Internet browsing and improved memory protection so that worm writers can't write in buffer overruns, Ballmer said.

The new Windows XP technology, for example, will provide closer inspection of ActiveX controls and sandbox them so Web sites have a harder time feeding malicious content to the browser, he said, urging partners to deploy patches as they come on a monthly basis and prepare for a new generation of secure Windows products.

In addition, Microsoft plans to integrate with Windows Server 2003 new inspection technologies designed to secure the perimeters around corporate networks. Microsoft will home in on malicious e-mail viruses and worms that scan ports on the Internet, malicious Web content and buffer overruns.

"We want to help you protect the corporate perimeter," said Ballmer, noting that the new technology will inspect potentially infected remote clients such as laptops before allowing them to dock to the corporate network. "We will have shields or safety measures that block off infected clients that come back into the environment," he said. "These safety technologies are inspection technologies, or maybe quarantine [technologies], that refuse to let the PC get back into the network until it is inspected."

But until those shields make their way into the interim versions of Windows clients and servers next year, Microsoft will try to make patch management easier with SUS 2.0 and by making numerous improvements to the patching process.

SUS 2.0, which will be free to all customers, will provide more automation and give customers and partners a corporate patch deployment server and service for managing all OS and application patches, Ballmer said.

And Microsoft will reduce the complexity of patch management by reducing the size of patches by 30 percent to 80 percent, offering rollback capability to reduce risk, reducing downtime needed to deploy the patches by up to 30 percent and reducing complexity by having one patch experience--Microsoft Update--that works across Windows and all applications.

Noncritical patches, now published when available, will be made available monthly, and emergency patches will be made available immediately, Ballmer said.

The vision is to make patches more easily applied and maintained and to harden foundation technologies to protect against buffer overflows and malicious e-mail and Web content, but there's no silver bullet, he said.

Microsoft also extended security support on Windows Server Service Pack 2, Windows NT 4.0 and Windows Workstation Service Pack 6a till June 2004.

The planned Microsoft Update site will supersede the existing Windows Update site visited by many consumers and small businesses for security patches.

Also, Ballmer announced the launch of Microsoft.com/Security and SecurityZone, which offers security resources for partners and customers.

On Dec. 1, the company will kick off a series of security seminars and will host a dedicated seminar later this month in Los Angeles.

In addition, in the next year Microsoft will launch a series of TechNet seminars and monthly Webcasts on security to educate 500,000 people on its security offerings, Ballmer said, adding that the company intends to train 12,000 partners on security within the next 15 months.

Kawasaki said Microsoft's training is geared at getting partners and customers to deploy software code that can disinfect contaminated PCs and protect their systems and networks from future attacks. Microsoft has always made its patches available, but "that doesn't matter if people don't know about them and don't apply them," Kawasaki said. "They need to take a full view of training and education. Right now, you can't have a business discussion [with customers] on BizTalk or anything without talking about security. We're always responding to customer questions."

During his keynote, Ballmer said the next version of Internet Security & Acceleration Server 2004, code-named Stingray, is an application-level firewall that can run as an integrated layer on Cisco Systems and Check Point Software Technologies firewalls. He also said Microsoft is working with Cisco, Symantec, RSA Security and VeriSign to resolve the security crisis. "Security is a responsibility we take very seriously, but we are not alone," Ballmer said. "There are a lot of companies involved in it."

One security consultant at Microsoft Momentum said the Windows shield technologies sound promising. The safety and inspection technology, however, is mere vaporware for customers and partners out in the field today fighting off spammers, virus writers and worm writers who want to break Windows.

"I like the perimeter security idea. It was the best thing Microsoft introduced, and it showed a different attack plan by Microsoft but, of course, it could always come quicker [than 2004]," said Brian Sommer, founder of TechVentive, a technology research and consulting firm in Batavia, Ill. "Anything Microsoft can do to speed that up would be a godsend to the business community. Microsoft and its customer base is like a huge ship. You can't turn it very quickly. Hackers, on the other hand, are quick and nimble, and that's the business challenge Microsoft faces today. As trite as it sounds, partners and customers have an important role to play."