Features:

MICROSOFT'S BALLMER DEFENDS THE SECURITY OF WINDOWS
by Jennifer Tabor

Steve Ballmer, Microsoft's chief executive, stated that he believes Windows is much more secure than its open source rivals.

Despite contrary popular opinion, Ballmer went on to suggest that data from CERT provides proof that Windows is more secure and reliable than Linux platforms like Red Hat.

Ballmer cites the drop in critical vulnerabilities -- from 17 in Win2000 to the four discovered in the first 150 days of Windows 2003 -- as evidence of Microsoft's heightened security. He went on to state that the vulnerabilities in the first 150 days of Red Hat were nearly five to ten times higher.

However, Red Hat vulnerabilities include application flaws that run on top of the distro as well as the distro itself. Though Microsoft's security alerts are decreasing, the comparison to Red Hat is misleading because the seriousness of particular problems and how widely they are exploited is not taken into account.

Most academic experts see little difference between the security of open and closed source platforms. System administrators, however, say that patching Windows for security updates is frequently more troublesome than with Linux platforms.

Ballmer still finds fault with open source security, citing its lack of personal accountability in security related issues.

And what of Microsoft's own Trustworthy Computing initiative, now approaching its second birthday? Ballmer admits that Redmond's effort to address patching issues are overdue but he points to the progress the company has made thus far.

He stressed the strides that Microsoft has made improving security, while commenting on the work that needs to be done. He believes that the patching process currently used needs to be more predictable and more consistent.

Ballmer emphasized Microsoft's committment to providing top notch security, citing it as the highest priority.

Gartner analysts say that approximately 95 per cent of Microsoft's code problems are due to the fact that most of the code was written six to eight years ago.

When asked if the code would be rewritten, Ballmer was unclear. He stated that a lot could change within the next 20 years. He then discussed new security models based on XML technology.