Microsoft eyes smaller code base for Longhorn

IDG News Service - Microsoft Corp. is developing versions of its Windows operating system with only a subset of the Windows code base, designed for specific server tasks, in a move that could reduce maintenance costs for customers and create products that are less vulnerable to attack.
The new "role-based" products may appear in 2007, when the server version of Longhorn is scheduled for release. Offering a smaller code base would mark a significant technical shift for Microsoft and could help it to address the competitive threat posed by Linux. But it also presents significant engineering challenges for the company, industry analysts said.
Microsoft already sells two role-based versions of Windows, one for storage and one for Web serving. They essentially conceal from users the parts of Windows that aren't needed for the task at hand, making them easier to install and use. But those products still are based on the entire Windows code base.
With its Longhorn release, the software maker hopes to offer role-based versions of Windows for tasks such as storage, file or print serving that include only a part of the overall Windows code, said Martin Taylor, Microsoft general manager for platform strategy.
"Today, it's still the entire code base. There's no reduction in the bits you get; things are just roped off," Taylor said Friday. "We want to get to a model of role-based deployment where you might just have the bits you need for that function. ... It's one of our design goals for Longhorn."
Many enterprises separate tasks such as e-mail and Web hosting, assigning them to individual servers or groups of servers. Microsoft would continue to sell the full version of Windows for use as a general-purpose operating system, but it could offer the role-based products for servers assigned to particular tasks, he said.
Such a move could benefit customers in two primary ways: better security and lower maintenance costs, said Michael Cherry, lead analyst at Directions on Microsoft Inc., a research company in Kirkland, Wash.

Reducing the amount of code on a server would reduce the "attack surface area," Cherry said, meaning hackers would have less code to target. A virus last month that targeted a component for viewing JPEG image files affected Windows Server 2003, he noted, even though customers managing their servers remotely don't need that component.
Having less code should also mean lower maintenance costs, in part because customers won't have to apply patches to the parts of Windows that don't exist on their servers. "If you have a server whose role