Trustworthy Computing: One Year Later

Almost exactly 1 year after Microsoft announced a sweeping internal initiative called Trustworthy Computing aimed at rearchitecting all its products with an emphasis on security before features, the company was stung by the SQL Slammer worm, which attacked Microsoft SQL Server 2000 machines and temporarily brought down about 20 percent of the Internet. Leading security experts seized this event as proof that Trustworthy Computing is more fiction than reality. One expert, the well-respected security guru and founder of NTBugtraq Russ Cooper, even gave Microsoft a grade of "F" for its security efforts. No offense to Cooper, but give me a break. Microsoft's Trustworthy Computing initiative has already provided real benefits to its users. And the biggest benefits are right around the corner, in the new products Microsoft has on deck, including Windows Server 2003.

I'll assume you're at least partially familiar with SQL Slammer (if not, you can read about it at ). Despite the fact that Microsoft began issuing fixes for the bug that this worm exploits last summer, many administrators (including some within Microsoft) neglected to install the fixes, which opened their servers up to Denial of Service (DoS) attacks. Microsoft also included the fix in SQL Server 2000 Service Pack 3 (SP3), which the company released the week before the worm wreaked havoc. Since the worm hit, Microsoft has addressed the key complaint about the bug's previous fixes, which were hard to install.

Reaction to SQL Slammer invariably targeted Microsoft, which I find confusing. In this sound-bite-friendly world, summing up complex thoughts in a simple sentence is convenient. Cooper's comments about Trustworthy Computing in the wake of SQL Slammer do little justice to the progress that Microsoft has made in the past year. "I gave [Trustworthy Computing] a 'D-minus' at the beginning of the year, and now I'd give it an 'F'," Cooper said, in a quote that made its way from Reuters to CNN to virtually every technology-oriented news agency on the planet.

That's a shame, because during the past year, Microsoft has improved the security of its products as well as the ways in which it responds to security problems. Windows XP, now running on more than 90 million PCs worldwide, includes an Auto Update feature that automatically downloads and, optionally, installs critical security updates. This feature is so important that the company back-ported it to Windows 2000. This feature, combined with Microsoft's support for secure wireless networking in XP SP1, is one of the key reasons why XP is such a secure OS. But developers didn't initially design XP with security in mind, and not until the Longhorn release—due in late 2004—will we have a desktop OS that benefits from deep architectural improvements.

On the server, however, Windows 2003—shipping April 24, 2003—will initiate a series of important Microsoft releases, all of which benefit deeply from Trustworthy Computing. Visual Studio .NET 2003, Microsoft Exchange Server 2003 (formerly code-named Titanium), Microsoft Office 11, and SQL Server 2003 (code-named Yukon) will all ship within the next 12 months, along with a host of other products that ship locked-down out of the box, with security-adverse features turned off. In Windows 2003, Microsoft has completely rewritten Microsoft Internet Information Services (IIS) 6.0, but IIS's most important new aspects are that the product is no longer installed by default, won't install silently if you install another feature that requires the program, and installs locked-down, with dangerous services disabled. As you turn on features in IIS, the product warns you about the security ramifications.

The security changes in Windows 2003 are legion. The product supports 802.11x secure wireless technologies, an encrypted offline files database, a new Group Policy Management Console (GPMC) for modeling policy changes before implementing them, and an excellent Software Restriction Policies (SRP) feature that lets administrators specify which applications users can and can't run; SRP also helps fight Trojan horses and viruses, but it requires XP on the client. Windows 2003 will also provide a secure platform for future server products, including a Digital Rights Management (DRM) server, a federated identity server code-named Trustbridge, and the long-awaited Microsoft .NET My Services (formerly code-named Hailstorm) server.

Microsoft will detail security improvements in other products, such as Office 11 and Exchange 2003, as those products come closer to release. But in the year since Microsoft announced Trustworthy Computing, the company has done much to secure its current products while working to rearchitect its upcoming products to support pervasive security features out of the box. To be honest, I'm not sure that we could ask more from the company in this area.

Finally, one aspect of Trustworthy Computing that few people have applauded is the wide range of security vulnerabilities that never occurred. Thanks to sweeping code reviews of all its core products, Microsoft has squashed many thousands of bugs, including the common buffer-overrun errors that had so often compromised its products in the past. Had the company not temporarily halted development early last year to perform a security review, we likely would have seen a much higher number of vulnerabilities during the past 12 months. Rather than damn the company for its mistakes, we might consider applauding its admittedly silent victories. For systems as widely used as those Microsoft creates, things could be a lot worse. And 2003 will be a pivotal year for the company.

So am I a Microsoft apologist? No, not really. But I find the one-sided reports about the company's security failings tiring.

More on Transmeta's Crusoe
A few readers took exception to my comments about Transmeta's Crusoe processor in last week's "Laptop of the Month" review. Although I understand the point behind this product—ultra mobility at the expense of performance—I feel that the current-generation Crusoe is underpowered for Tablet PCs. Hewlett-Packard's (HP's) Compaq Tablet PC TC1000, which is the only Tablet PC of the five I've used so far to feature a Crusoe chip, has trouble keeping up with handwriting, which is obviously a crucial feature of the Tablet PC. However, I had an extensive briefing with Transmeta a few weeks ago at the 2003 International Consumer Electronics Show (CES), and I think the company is poised for success in markets other than the ultra-mobile notebooks that dominate in the Far East. I'll have more on the company's plans in Windows & .NET Magazine UPDATE when appropriate.
