Microsoft Plans Transition To Longhorn

If the current state of Windows is a good but bug-prone operating system with an outdated file system and uninspiring search capabilities, and the future is a more-bulletproof platform with unified storage and intelligence-injected data retrieval, how do businesses get from here to there?

The answer involves a raft of Microsoft products due between now and the end of next year that, if delivered as promised, should help customers cut back efforts that go into patching systems and devote more of their IT resources to business innovation and opportunity.

That's Bill Gates' optimistic goal: "We've got to free up overhead in IT in order that those dollars can go against the new applications," Microsoft's chairman and chief software architect said in a Nov. 16 speech at the Comdex trade show in Las Vegas.

Not coincidentally, such a shift would bode well for Microsoft, too. In its most recent fiscal quarter, sales of the company's desktop operating systems were flat and contracts for new enterprise licenses were lower than anticipated. Microsoft acknowledged customer concerns over software security were partly to blame for the lag.

The road map involves security-focused updates, or service packs, for Windows XP and Windows Server 2003 and revamped tools and procedures for getting refreshed software and bug fixes to all versions of Windows. Longer term, Microsoft has laid out key features planned for its next-generation operating system, code-named Longhorn, including a unified file system that manages different data types, sophisticated data-retrieval technology conceived by Microsoft Research, and juiced-up graphics. Yet company officials remain noncommittal on Longhorn's delivery date, with a client version not expected until 2005 or later and a server edition after that.Meanwhile, job one is to bolster the security of existing versions of Windows. In early October, just as the security problems were beginning to hurt Microsoft's top line, CEO Steve Ballmer unveiled the company's latest ideas: once-a-month software updates and shield-the-perimeter technologies. "Customers and [partners] have been pounding us, pounding us, pounding us for better patch-automation solutions," Ballmer said. The update schedule kicked in last month, while some of the new shielding technologies will be manifest in the Windows XP and Windows Server 2003 service packs due in the first and second halves of next year, respectively.

Gates, in a Nov. 17 interview with InformationWeek, said those changes, in combination with Microsoft's just-released Systems Management Server 2003, should result in a vastly improved security picture by the middle of next year: "I think even our critics [will] say, 'Wow, they really turned this patching thing around.'"

SMS 2003 features new software-vulnerability-identification and -assessment capabilities, a wizard that simplifies patch distribution, and improved integration with Microsoft's Software Update Services. Two other products due next year should also help: Software Update Services 2.0, which will automate the distribution of patches beyond Windows to include SQL Server, Office, Exchange, and other Microsoft software; and Internet Security and Acceleration Server 2004, an application-layer firewall that's designed to fight the latest worms and network attacks and create more secure VPN connections.

Some business-technology managers like what they hear but say it's premature to judge Microsoft's progress. "I look at it from the standpoint of bottom-line results. It's much too early to declare victory," says Al Schmidt, CIO and VP of technology with Arch Chemicals Inc., a specialty chemicals company with dozens of servers and hundreds of PCs that are slated for upgrades from Windows NT to newer Windows versions next year.

Schmidt agrees with Gates on one point: If Arch Chemicals can reduce the time and effort devoted to infrastructure security, the freed-up resources will go into new business-technology projects. "There's a ton of things we can begin to deploy," Schmidt says. "Every time we have to do a patch, it cuts into our ability to make these things happen. As the [patch] automation becomes available, I'll jump on it as quickly as I can."If and when businesses shake their concerns with Windows security, Gates is ready with a new concept that he calls "seamless computing." It involves using Web services to break down technical and process boundaries-device to device, application to application, business to business-to create fluid information flows. It's a safe bet Microsoft's Yukon database and Whidbey development environment, both due next year, will be presented as tools to help build that infrastructure.

Then comes Longhorn. The next-generation operating system, previewed in late October at Microsoft's Professional Developers Conference, will feature the first new Windows application programming interface in a decade and a new file system, called WinFS, that leverages Yukon's relational database to manage files, E-mail, and Web pages. Longhorn also will include a new communications subsystem and presentation graphics layer.

All this translates into the promise of compelling new applications and productivity boosters. One example: At Comdex, Gates demonstrated prototype data-retrieval technology, destined for Longhorn, that helps users find previously accessed information stored in a variety of locations and formats. Improvements in Windows' search capabilities "could be the next big breakthrough," says Michael Cherry, an analyst with Directions On Microsoft. Longhorn also will incorporate an Information Agent that helps manage a user's communications based on preferences.

It's enough to get some business-technology professionals excited about the possibilities. "We're going to be working with Microsoft closely on some of their new products," says Charlie Orndorff, VP of infrastructure services with Crossmark Inc., which provides sales and marketing services to consumer-goods companies. On Microsoft's progress with patch management, though, Orndorff says, "I've heard talk about it. But I haven't seen it delivered yet."

Jeff Nigriny, chief security officer with Exostar LLC, an online exchange, likes SUS 1.0 and applauds Microsoft's quality-control efforts, but he's unimpressed with other aspects of Microsoft's near-term strategy. Nigriny calls the company's secure-by-default approach, in which once-active Windows features have to be manually engaged, a "mistake" that will lead to deployment confusion. And he sees problems with Microsoft's shield-the-perimeter approach, which involves creating a hardened network exterior to protect vulnerable PCs within. "It's well known in the security community that is not the way to solve the problem," he says.A tough assessment from someone who claims he has no bias against Windows. "I think I'm actually pretty pro-Microsoft," Nigriny says.

The obvious challenge for Microsoft is to impress its fans-let alone the critics that Gates mentioned-with the company's advances in security. Until then, Longhorn will seem like a long way off.

George V. Hulme contributed to this story.