Computerworld - NEW ORLEANS -- During a keynote speech at last week's Microsoft Worldwide Partner Conference here, Steve Ballmer didn't shy away from discussing the security woes that have beset his company and its customers.
On the contrary, Microsoft Corp.'s CEO addressed the issue head-on and outlined a set of new and updated initiatives that the company is working on to improve the patch management process, provide guidance and training to help users secure their systems, and make the vendor's products more resistant to attack.
Partners welcomed the news and cheered loudly when Ballmer told them that by May 2004, there will be one place on the company's Web site where all patches for all Microsoft products will be available. The new Microsoft Update will complement the existing Windows Update.
"This will just simplify things," said Mitchell Rubin, president of Lynx Consulting Group in Springfield, Pa. "Now I go to Windows Update for patches, and I have to go to a different site for Office."
Ballmer also set a May 2004 deadline for the single "patching experience" that the company has pledged will replace its multiple patching systems. Amy Carroll, a director in Microsoft's security business unit, said the company will reduce the number of patch installers from eight to two: one for the Windows kernel, and one for Microsoft applications.
In addition, Microsoft is promising better-quality patches and rollback capability in case application incompatibility problems arise. Patches will also be reduced in size by up to 80% to aid users on slow networks, and the number of reboots needed for patch installation will be cut by up to 30%, reducing server downtime, Ballmer said.
But the challenge that Microsoft faces as it attempts to ease the patch management process was apparent when Ballmer polled partners about the company's free Software Update Services (SUS), which corporations can use to automate patch distribution to employees on a scheduled basis. The vast majority of over 4,000 partners in the keynote session indicated by a show of hands that they didn't use SUS 1.0 or hadn't heard of it.
"It will scan the machines, let you know what needs to be patched, apply the policy, roll it out," Ballmer explained, calling SUS "the corporate equivalent of Windows Update for the consumer market."
Microsoft plans to release in the first half of next year Version 2.0 of SUS, which will add support for more Microsoft products. SUS 2.0, which is complementary to Systems Management Server 2003, will also feature enhanced reporting capabilities and improved administration controls.
"We're definitely going to take a look at it," said Samith Kollipara, a technology consultant at Hanigan Bjorkman Ecklund LLP in Lincoln, Neb. Like many conference attendees, Kollipara said he was unaware of SUS until last week.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
