Microsoft on Security: Pariah or Trendsetter?By Matt Hines | Posted 2006-06-15 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
Redmond's transformation from laughingstock to industry heavyweight in the IT security sector is beginning to bear fruit, but end users aren't ready to give out passing grades.
BOSTONMicrosoft's transformation from pariah to trendsetter in the information security sector is slowly beginning to sink in, but users are mixed about hopping on the bandwagon.
At the TechEd 2006 conference here, the software maker worked overtime to convince the world that security is really its No. 1 priority.
So far, with a few rare exceptions, customers and developers are buying it, but it remains to be seen if Microsoft can win the security game.
In the meantime, Microsoft is working diligently to be seen as a security player. On the TechEd show floor, Vista's security goodies were front and center with booths showcasing UAC (User Account Controls), a key operating system tweak aimed at countering the malware epidemic; BitLocker, a hard drive encryption tool; and new technologies for network access protection and smart card deployments.
Microsoft also introduced its Ben Fathi as its new security czar and expanded its evangelism of the SDL (Security Development Lifecycle), a collection of high-level security principles and procedures covering every stage of software creation.
And the software giant is even making friends with the hacker community. It announced it would showcase Vista at the annual Black Hat hacker conference.
Toss in internal Blue Hat hacker meetings and a wide range of top-level changes to its incident response mechanism and Microsoft is boasting about its Trustworthy Computing initiative.
Customers have noticed. "I'm very impressed with everything I've seen and heard, and I'm convinced it's not just lip service," said Colin Johnson, a microcomputer network administrator at Northeastern University.
"I'm now convinced they're the best game in town when it comes to being upfront and straightforward about how they are dealing with security."
While Johnson, who manages the university's Computer & Information Science College network in Boston, said he acknowledges Microsoft's strides, he said he has concerns that security will always be a lose-lose scenario for the world's largest software maker.
"They're fighting against a moving target, and all the while, they are becoming a bigger sitting target [for attackers]. Just like XP SP2 made things more secure, Vista will make things more secure. But that doesn't mean people won't be throwing stones," Johnson said.
"Two years from now, we could well be back at TechEd hearing the same message that Microsoft is prioritizing around security. That's just the way the industry works these days," Johnson added.
Johnson wasn't alone with his qualified praise.
Most attendees interviewed by eWEEK acknowledged Microsoft's progress to beef up Windows' security since the release of Windows XP SP 2 (Service Pack 2).
"At first, I thought they were just working on their image, but XP SP2 turned out to be a big deal. Yes, there's still a malware problem, but compared to 2003, we're in a better place," said Steve Scerpa, an AJAX developer for a small Minnesota-based IT shop.
Scerpa, who spent at least two hours at the TechEd hands-on labs examining Vista's security upgrades, says UAC will significantly move the goalposts in the fight against virus, spyware and rootkit infections.
"When the concept of a standard user becomes universal, it will blunt the attacks we're seeing today. Yes, the attackers will eventually shift course, but for what's out there today, UAC is a game-changer," he added.
Read the full story on eWEEK.com: Microsoft on Security: Pariah or Trendsetter?