Attack concerns slow Microsoft's pace

[InfoSec News <isn () c4i org>]

http://news.com.com/2100-1012_3-5173575.html

By Ina Fried 
Staff Writer, CNET News.com
March 16, 2004

LAS VEGAS -- Security concerns are slowing things down at Microsoft,
but the company is still chugging along with its more ambitious
projects including Windows Longhorn, a company executive said on
Tuesday.

The need to make its current software more resilient to attack is part
of the reason that several projects have fallen behind schedule,
Senior Vice President Bob Muglia said in an interview.

"It's absolutely slowed things down," Muglia said at the Microsoft
Management Seminar here. "This work is making our software come out
not as quickly."

Meanwhile, CEO Steve Ballmer, who was slated to address the crowd
tomorrow, will now not attend the show. Ballmer is reportedly in
Europe meeting with regulators in an effort to settle antitrust
charges.

Notably, Microsoft said last week that key updates to its developer
tools and to its SQL Server database will be postponed until next
year, a move that has the potential to delay a number of other
Microsoft software programs whose development is linked to those
programs. There is also concern that Microsoft's work on Longhorn--
the next version of Windows--will be further delayed or scaled back.  
Muglia said the company has not lost its drive to take on big projects
like Longhorn.

"We're still pretty ambitious," he said.

Muglia said that more than half of the resources on the Windows team
are still going toward Longhorn, though more effort than originally
planned is going into improving existing versions.

"We have definitely taken a large percentage of our resources that
would be working on new things like Longhorn and are dedicating (them)  
to security," Muglia said. "It has an impact on those (ship) dates."

However, Muglia said that customers seem in favor of the shift. "The
response I get universally is that's the right thing to do," he said.

Along with providing patches and security enhancements with Windows XP
Service Pack 2, Microsoft has said it is exploring ways of further
updating both PC and server versions of Windows XP prior to the
arrival of Longhorn, which analysts say may still be several years
off. Microsoft originally planned to ship the software in 2005, but
now offers no specific timeframe for when it might arrive.

Muglia said it is too early to say exactly what form the server update
will take, but said a series of feature packs is more likely than a
full interim release of the operating system. The update, targeted for
2005, is likely to include mostly features that were already planned
to arrive ahead of Longhorn, Muglia said.

"We're looking at all of the things that have been under development
for a while and that are either complete and available in the market
and are in stages of competition that we can bring out in the 2005
timeframe," he said. "There's a lot of value there frankly that we'd
like to deliver as soon as we can get it out there."


'More targeted attacks' ahead

Muglia said Microsoft is also still deciding how it will distribute
the update and what, if anything, will require a separate fee. "In
terms of packaging, I don't think we've figured out how to package it
yet. We're still thinking that through," Muglia said.

In his keynote speech earlier Tuesday, Muglia said he did not expect
security to wane as a concern for the industry, though he did expect a
shift from generalized widespread problems to more narrowly aimed
threats.

"We will see more targeted attacks," Muglia said. "That's sort of
unfortunately the future we see over the next couple of years."

Muglia said the best way Microsoft can arm companies is to create
software that gives IT managers more data on their systems and how
they are running.

"The truth of the matter is a lot of the security problems that have
happened are associated with areas which could have been prevented
with the right tools."

"Now, it's our job to give people the right tools, and we haven't
always done that...But if we can get the tools in the hands of IT
(managers), they can then take the steps that they need to mitigate
things."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.