Recently, Microsoft announced that the long-anticipated release of
Windows Server 2008 would be delayed until early next year.
Actually,
Microsoft does not consider this a delay, noting
that the new server operating system (OS) will still be released
to manufacturing late this year, adhering to the timeline
Chairman Bill Gates referred to at the Windows Hardware
Engineering Conference (WinHEC) in May.
Delay or not, Microsoft Windows Server 2008 will not be released
until the end of February 2008, so its security features will not
be available until more than a year after the release of Windows
Vista, the desktop side of the formerly code-named Longhorn
OS.
It is easy to forget that Vista and Windows Server 2008 were
once lumped together under the single moniker of Longhorn.
Microsoft envisioned Longhorn as part of 2002's
Trustworthy Computing initiative. This
initiative was Microsoft's answer to the spate of business-halting
viruses that exploited myriad Windows vulnerabilities throughout
the early part of this decade. Trustworthy Computing meant that
Microsoft would re-architect its development process to focus on
creating secure code and, ultimately, a more secure OS.
Industry pundits and administrators hailed the Trustworthy
Computing initiative as a promising step forward. Microsoft was
acknowledging the flaws inherent in its OS design and taking steps
to develop more secure software.
That was six years ago. In the meantime, administrators are
still applying patches, constructing workarounds, reconfiguring
exploitable default settings. Does that mean that administrators
should be concerned with this latest delay? Probably not. Microsoft
has yet to improve the lot of administrators toiling away trying to
lock down a feature-rich but insecure OS. But the real question is
whether the idea that technology will solve security problems is a
pipe dream. As has always been the case, administrators cannot
depend on Microsoft to solve security problems. In a perfect world,
it would be Microsoft's responsibility -- but the world is far from
perfect.
About the author: Benjamin Vigil is a former
SearchWindowsSecurity.com editor.