Microsoft is serious about improving the security and reliability of its software and operating systems, but the...
jury is out on how successful it will be.
Andy Kellett, senior research analyst at Butler Group, said, 'Improved security has been a serious message now for two years and it continues to be a serious message.'
With only one major product released since Microsoft began its Trusted Computing initiative three years ago, it is difficult to assess the company's performance.
But the indications from Windows 2003 Server are encouraging, said John Pescatore, vice-president for internet security at analyst firm Gartner.
'Windows 2003 Server made dramatic improvements on previous products. Windows 2003 and IIS 6, which is built in, achieved security parities with Solaris, HP Unix and Linux. When you look at the number of bugs and configuration out of the box, it is as secure as Linux and Unix out of the box.'
Perhaps more importantly, there has been a significant culture change within Microsoft. Product developers are talking about security as their top priority, rather than functionality.
'Microsoft is now more open and informative than it has ever been,' said Kellett.
The real test of Microsoft's mettle will come with the release of Longhorn, the next Windows operating system, due in 2006.
Both Butler and Gartner expect a step change in security with Longhorn, which is expected to incorporate digital rights management technology.
But Microsoft will need to tread a fine line between improving security in a way that brings genuine benefits to users and meeting demands from software suppliers and the music and film industry for better ways of protecting copyright.
'Security from defects in your code is one thing, security features that make it harder to use code because you want to fight piracy is another,' said Pescatore. 'We will have to judge what is done in the name of security and what is done in protecting software suppliers' rights against piracy.'
If there is one criticism Gartner has against Microsoft, it is its apparent unwillingness, as the market leader in desktop software, to help users of rival products keep their systems secure.
One example of this is Microsoft's reluctance to commit to protecting users of the rival Firefox browser with its recently launched anti-spyware product. Microsoft seems more concerned with 'out-featuring' Firefox than with security, said Pescatore.
'It would be bad if Microsoft security products work better with Microsoft operating systems than other products,' he said.