Hacking may have hurt key Microsoft strategy
PALO ALTO, Calif. _ The software worm that bored its way into sensitive
product-development areas of Microsoft's network over a reported 12-day period
may ultimately prove less damaging to the company's intellectual property than
to its strategic ambitions.
As it attempts its steepest corporate reinvention yet, Microsoft is painting
itself as the company with products large enterprises can rely on to grow their
businesses into the New Economy. Yet as demonstrated by the hacker attack
uncovered last week, Microsoft itself cannot totally protect precious data from
unwanted _ and illegal _ incursion in a Windows-based environment.
Microsoft's Silicon Valley competitors, while acknowledging no company is immune
to hacker attacks, say Windows has greater security challenges than older, more
mature systems built on Unix and a Unix spinoff, Linux.
``We believe Solaris offers a lot more security,'' Ed Zander, president and
chief operating officer at Sun Microsystems, said of the company's Unix-based
operating system.
Acknowledging ``this could happen to anyone,'' Zander said, ``We can't evaluate
specifics till we know exactly what did happen'' in the Microsoft case.
Microsoft, whose explanations have changed a number of times since initial news
reports about the incident, said it is withholding numerous details to avoid
hindering an FBI investigation.
The company said the intruder got only fleeting access to a future product, not
Windows or Office, and it narrowed the length of the attack from weeks to 12
days.
As a precaution, however, Microsoft blocked employees from having remote access
to the corporate network over the weekend.
Regardless of what happened in the incident, it might be Microsoft's ambitious
corporate initiatives that are affected most in the long run.
Since February's rollout of Windows 2000, Microsoft's most powerful operating
system to date, the company has championed the reliability of Windows-powered
business systems.
With the advent in June of its .NET strategy and line of high-powered servers
aimed at corporate networks linking to the Internet, the volume has increased to
the level of a corporate mantra.
At a high-profile event called Enterprise 2000 in San Francisco last month,
Chief Executive Steve Ballmer emphasized Microsoft had ``come of age'' in the
world of enterprise computing, the business of serving huge corporations,
government and institutions.
With its new products and initiatives, including Windows 2000 Datacenter server
and the .NET enterprise server market, Microsoft has the building blocks
``required to run the biggest businesses in the world,'' Ballmer said.
Of the company's more than 38,000 employees, 3,200 are involved in consulting,
3,900 in enterprise support and more than 2,000 in enterprise services, all
contributing to what has become a $4 billion annual business for Microsoft.
But longtime observers say Microsoft must hurdle doubts about security if it is
to become a big-enterprise player for banks, airlines, stock brokerages,
insurance companies and telephone companies that rely on ``unbreakable''
computing services.
``The fact is, software kernels (key code) have to be absolutely crack-proof,
and that's a level of robustness that Microsoft has had little experience
with,'' said George Lindamood, former chief of information systems for
Washington state and a big-systems consultant. ``Given the experience with NT
(Windows 2000's predecessor), I'm dubious that they can make a silk purse out of
that sow's ear.''
Asked about the break-in disclosed last week by a program called QAZ Trojan,
privacy expert and author Simson Garfinkel said, ``What do you expect? It's
Windows.''
Features Microsoft has built into Windows to integrate popular Office and
Internet services have been repeatedly exploited by hackers _ notably the author
of the infamous Outlook e-mail Love Bug.
Microsoft defended the integrity of its network security, noting that hacking of
corporate networks occurs regularly. On the other hand, the company's request
that the FBI investigate indicated this incident held greater significance,
apparently based on the company's inability to track down or trap the intruder.
In the intellectual-property world of e-commerce, ``companies need 100 percent
assurance that their data is safe,'' said John Loiacono, chief marketing officer
at Sun Microsystems, a chief Microsoft competitor based in Palo Alto, Calif.
Microsoft says it can meet corporate data needs by ``clustering'' high-powered
PCs together at a fraction of the cost of a Sun server.
``It's an appealing proposition at one level,'' Loiacono said. But companies who
rely on round-the-clock reliability, ``tell us they're not even looking at the
(Microsoft) Datacenter (server) stuff,'' he said.
Another Microsoft arch foe, database maker Oracle, likes to warn clients of
Windows 2000 reliability claims.
At the Windows 2000 launch, Chairman Bill Gates noted that a Windows 2000 server
could be expected to experience a reboot or downtime only after at least 90 days
of uninterrupted performance. If a company clusters 12 such systems together,
Oracle said, that could mathematically equate to an outage every 7-1/2 days.
Microsoft can point to competitors' problems as well. Most recent was a series
of ``glitches'' on eBay, the high-traffic Web auction site. Oracle issued a
statement blaming the outages on a software upgrade to its 8i database, a
competitor to Microsoft's SQL Server database.
``This is what happens when you put all your resources into one big, honking
database,'' said Charles Fitzgerald, director of business development for the
developer-strategy group at Microsoft, as opposed to spreading out among several
``clustered'' systems.
Memories of security holes tend to be short-lived. Asked if last week's episode
gives the company a black eye in the enterprise world, a Microsoft spokesperson
noted, ``Only until some other big company gets hit.''
But the official acknowledged Microsoft still is proving its mettle in
enterprise computing.
``To win in the enterprise space requires a whole different world than we've
been used to,'' the executive said.
Adding that the company is ``making progress,'' the executive noted, ``Before
people were saying Windows couldn't do it at all. Now they're saying here are
the things it needs to do to succeed, and that list is shrinking all the time.''
(c) 2000, The Seattle Times.
Visit The Seattle Times Extra on the World Wide Web at
seattletimes.com
Distributed by Knight Ridder/Tribune Information Services.
AP-NY-10-31-00 1250EST< |
