WinInfo Daily UPDATE--brought to you by the Windows & .NET Magazine Network
~~~~ THIS ISSUE SPONSORED BY ~~~~
Windows & .NET Magazine Connections
~~~~ SPONSOR: WINDOWS & .NET MAGAZINE CONNECTIONS ~~~~
WINDOWS & .NET MAGAZINE CONNECTIONS: WIN A FLORIDA VACATION
Simply the best lineup of technical training for today's Windows IT professional. Register now for this exclusive opportunity to learn in-person from the Windows & .NET Magazine writers you trust. Attendees will have a chance to win a free Florida vacation for two. Register today, and you'll also save $300.
April 1, 2003--In this issue:
1. NEWS AND VIEWS
- Report: Most Users Don't Trust Microsoft
- Windows XP Update Bolsters Wireless Security
- Get the eBook That Will Help You Get Certified!
- Join The HP & Microsoft Network Storage Solutions Road Show!
3. CONTACT US
See this section for a list of ways to contact us.
(contributed by Paul Thurrott, [email protected])
* REPORT: MOST USERS DON'T TRUST MICROSOFT
A recent Forrester Research survey brings an ugly truth to the forefront: Most IT administrators who work with Microsoft products don't trust the company or believe it can produce secure software. The survey, which polled security experts at $1 billion companies, cites some interesting statistics: Of those polled, 77 percent said they don't trust Microsoft, yet 9 out of 10 still deploy Microsoft software in mission-critical applications. This news should certainly bolster competitors such as Linux. But the question remains: What can Microsoft do to reverse this trend, and how much time will pass before the company's fortunes reflect the growing industrywide unease about the quality of its wares?
Fifteen months after the launch of its much-vaunted Trustworthy Computing campaign, Microsoft security still has a black eye, its critics charge, although the company correctly argues that the results of its security initiative aren't immediately obvious. "We understand that achieving the goals of Trustworthy Computing will not be an easy task and that it will take several years, perhaps a decade or more, before systems are trusted the way we envision," a Microsoft spokesperson said this week. "We are working to address existing security concerns, including patch management. This is only the beginning, and we are confident that customers will continue to see additional progress over time."
Another issue is administrator responsibility. Microsoft had previously patched most of the worst vulnerabilities that attackers exploited in recent years. As the report notes, "Too few firms are taking responsibility for securing their Windows systems"; instead, they blame Microsoft for their woes. The recent SQL Slammer worm is a classic example. The company had issued several fixes for the vulnerability the worm used, and if SQL Server administrators had kept their systems up-to-date, the worm wouldn't have been so devastating. The report states that Microsoft released patches for the last nine "high-profile Windows security holes" an average of 305 days before any attack took place, but administrators often didn't install the updates. In other words, most security snafus are avoidable.
But, as any Windows administrator can tell you, Microsoft's convoluted patch-management system is in dire need of an update--each product the company releases seems to follow its own update regimen. Recent advances in the company's Windows Update and Auto Update software should merge into Microsoft's other products soon and give the company a centralized and automated way to keep all its software updated. In the meantime, administrators are forced to wrestle with the myriad ways they receive bug notifications, install updates, and keep systems running smoothly. And the fact that many patches require system reboots doesn't help.
Looking forward, Windows Server 2003 will be the first big test for Microsoft's security initiative, as the OS will be the first major product the company has shipped since it embraced Trustworthy Computing. However, analysts say that Windows 2003 uptake is expected to be slow for a variety of reasons, including the war with Iraq, the continually stumbling economy, and an impression that the product is just a minor upgrade to Windows 2000. The Yankee Group says that only 12 percent of current Windows Server users plan to upgrade to Windows 2003 this year, down from the 30 percent who upgraded to Win2K Server within the first 12 months of its release.
One of the biggest reasons to upgrade to Windows 2003, however, is better security. Whether selling an upgrade based on its security prowess compared to the previous release is a good idea is debatable, but the first several months of general availability might be telling for Windows 2003. If customers embrace the product and it withstands months of uptime with little or no security vulnerabilities, Microsoft will have gone a long way toward repairing its reputation. But if Windows 2003 suffers the same sort of security embarrassment that Windows XP did with its high-profile (yet low-impact) Universal Plug and Play (UPnP) vulnerability, customers might view the product as more of the same. And more of the same isn't the message that Microsoft is trying to convey.
* WINDOWS XP UPDATE BOLSTERS WIRELESS SECURITY
Yesterday, Microsoft posted a Windows XP update that gives the OS a new, more reliable, standards-based wireless security technology called Wi-Fi Protected Access (WPA). The WPA solution will eventually replace the current solution, Wired Equivalent Privacy (WEP), a broken and insecure data-encryption and -authentication technology that's installed on millions of Wi-Fi (802.11b wireless standard) routers, gateways, NICs, and PCs worldwide.
"Customers tell us the wireless experience with Windows XP represents a huge leap forward in terms of ease of use," said Jawad Khaki, corporate vice president of Windows Networking and Communications Technologies. "Yet, even with these enhancements, many IT managers are hesitant to enable wireless connectivity in their organizations due to security concerns. With standards-based Wi-Fi Protected Access, customers can have more confidence their data will be safer and more secure."
More confidence, perhaps, but WPA won't do XP users any good until all their Wi-Fi hardware supports the technology. If your Wi-Fi gateway supports only WEP, for example, upgrading XP to support WPA won't help. However, seeing Microsoft adopt wireless security standards early for a change is nice: The company didn't require any sort of wireless security when it released XP in October 2001; Microsoft fixed this situation in the XP Service Pack 1 (SP1) update, which requires XP users to jump through a few hoops to access a non-WEP-enabled wireless network. Microsoft says it will build WPA support into XP SP2, and presumably the company's Broadband Networking products, a Wi-Fi hardware line, will also support the technology.
But as desirable as WPA is, this technology isn't the end game for wireless security. Instead, WPA is just the first step to a future, more powerful wireless standard called 802.11i that wireless hardware makers and Microsoft have pledged to adopt. The upgrade path from WPA to 802.11i should be seamless for customers, Microsoft says.
(brought to you by Windows & .NET Magazine and its partners)
* GET THE EBOOK THAT WILL HELP YOU GET CERTIFIED!
The "Insider's Guide to IT Certification," from the Windows & .NET Magazine Network, has one goal: to help you save time and money on your quest for certification. Find out how to choose the best study guides, save hundreds of dollars, and be successful as an IT professional. The amount of time you spend reading this book will be more than made up by the time you save preparing for your certification exams. Order your copy today!
* JOIN THE HP & MICROSOFT NETWORK STORAGE SOLUTIONS ROAD SHOW!
Now is the time to start thinking of storage as a strategic weapon in your IT arsenal. Come to our 10-city Network Storage Solutions Road Show, and learn how existing and future storage solutions can save your company money--and make your job easier! There is no fee for this event, but space is limited. Register today!
Here's how to reach us with your comments and questions:
* ABOUT NEWS AND VIEWS -- [email protected]
* ABOUT THE NEWSLETTER IN GENERAL -- [email protected] (please mention the newsletter name in the subject line)
* TECHNICAL QUESTIONS -- http://www.winnetmag.net/forums
* PRODUCT NEWS -- [email protected]
* QUESTIONS ABOUT YOUR WININFO DAILY UPDATE SUBSCRIPTION? Email Customer Support -- [email protected]
* WANT TO SPONSOR WININFO DAILY UPDATE? [email protected]
This daily email newsletter is brought to you by Windows & .NET Magazine, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today.
Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
Thank you for reading WinInfo Daily UPDATE.
Copyright 2003, Penton Media, Inc.