Recently, Microsoft announced that the long-anticipated release of Windows Server 2008 would be delayed until early next year. Actually, Microsoft does not consider this a delay, noting that the new server operating system (OS) will still be released to manufacturing late this year, adhering to the timeline Chairman Bill Gates referred to at the Windows Hardware Engineering Conference (WinHEC) in May.
@40355 Delay or not, Microsoft Windows Server 2008 will not be released until the end of February 2008, so its security features will not be available until more than a year after the release of Windows Vista, the desktop side of the formerly code-named Longhorn OS.
It is easy to forget that Vista and Windows Server 2008 were once lumped together under the single moniker of Longhorn. Microsoft envisioned Longhorn as part of 2002's Trustworthy Computing initiative. This initiative was Microsoft's answer to the spate of business-halting viruses that exploited myriad Windows vulnerabilities throughout the early part of this decade. Trustworthy Computing meant that Microsoft would re-architect its development process to focus on creating secure code and, ultimately, a more secure OS.
Industry pundits and administrators hailed the Trustworthy Computing initiative as a promising step forward. Microsoft was acknowledging the flaws inherent in its OS design and taking steps to develop more secure software.
That was six years ago. In the meantime, administrators are still applying patches, constructing workarounds, reconfiguring exploitable default settings. Does that mean that administrators should be concerned with this latest delay? Probably not. Microsoft has yet to improve the lot of administrators toiling away trying to lock down a feature-rich but insecure OS. But the real question is whether the idea that technology will solve security problems is a pipe dream. As has always been the case, administrators cannot depend on Microsoft to solve security problems. In a perfect world, it would be Microsoft's responsibility -- but the world is far from perfect.
About the author: Benjamin Vigil is a former SearchWindowsSecurity.com editor.
This was first published in August 2007