Microsoft Security Fightback Includes SUS Overhaul

As part of its all-out offensive to deal with what company officials now describe as a security “crisis,” Microsoft has announced a major revamp of Software Update Services (SUS), a little-known tool that automates the deployment of security patches.

Burned by a significant increase in malicious worms targeting its
software products, Microsoft chief executive Steve
Ballmer announced SUS 2.0 would ship in the first half of 2004 with major
feature changes to appeal to enterprise customers.

The Software Update Services tool is available — for free — to allow
sysadmins to deploy critical security updates and service packs to Windows
2000 and Windows Server 2003-based servers, as well as to desktop PCs
running Windows 2000 Professional or Windows XP Professional.

During a presentation at the inaugural Microsoft Worldwide Partner
Conference in New Orleans, Ballmer asked for a show of hands of attendees
who had heard of, or deployed, the free SUS tool. Based on the less-than
enthusiastic response, Ballmer said the SUS 2.0 upgrade was “almost like
announcing” something new.

“Customers and you have been pounding us, pounding us, pounding us, for
better patch automation solutions. We put something in the market. It’s
free, it’s a downloadable thing, but we call it the Software Update
Services. You can think about it as a server that a customer can install
that talks to Microsoft Update and allows you to apply local policy for
automatic distribution of patches the way Windows Update today can provide
automated distribution of patches to consumer machines,” he declared.

“It’s a patch-deployment automation system. We are bringing out an update
to that patch-deployment automation solution, Software Update Services 2.0,”
the Microsoft CEO added.

“Remember, the thing talks to Microsoft Updates. It sees all the patches.
It will bring them down to a corporation, and then it will apply those
patches to the systems in that corporation, with policy and with group
machine management specified by you on behalf of our customers,” he
added.

Ballmer said the Systems Management Server (SMS) 2003 product, which
launches on October 22, would be a superset of the new SUS 2.0.

The Microsoft boss said the SUS 2.0 tool would be heavily promoted by
Microsoft to ensure enterprise clients are aware of its availability. “When
I am back at this conference next year, I am going to ask people whether
they’ve deployed Software Update Services 2.0. And if as few hands go up as
went up today, I’m going to have a real issue with our product development
people or with our marketing people, because, believe me, this is targeted
at one of the key pain points that you and our customers have identified,”
Ballmer declared.

Getting down to the nitty-gritty of how the revamped SUS 2.0 will work,
Ballmer said the tool can be used to scan machines, figure out what needs to
be patched, apply the enterprise admin’s policy and deploy the fixes.

“It adds no cost, at least of acquisition. It is something that we
provide to you that you can provide with only your service costs involved to
your customers, and the new version will be available in half one of 2004.
We have got to help get the word out if we are really going to do the right
job on behalf of our customers. This is the corporate equivalent of Windows
Update for the consumer market,” he declared.

Ballmer also announced Microsoft would extend security support for old
software releases. For Windows 2000 Service Pack 2 and for Windows NT
Workstations, Service Pack 6A, he said Microsoft would extend security
support to June of next year.

The major strategy shift at the world’s largest software firm also includes a new
plan to stop issuing weekly software patches for security vulnerabilities,
intended to end the practice of releasing updates on a “very
unpredictable schedule.”

Instead of software patches issued every Wednesday, Microsoft chief
executive Steve Ballmer said the company would release monthly security
patches except for emergency situations. “We have been putting out our
patches on a very unpredictable schedule. We will now go to monthly
patches — no more than monthly. If we don’t need monthly, we won’t have
them. But no more than once a month, except for emergency patches which will
be made available essentially immediately,” Ballmer explained.

Microsoft has also instructed OEM partners to turn on the Internet
Connection Firewall (ICF) by default on all new Windows XP-based systems.
The ICF, which is built into the XP platform, is not enabled by default on
existing client systems.

The announcements from Microsoft come on the heels of two hard-hitting
reports that argue that the U.S. government’s increasing reliance on
Microsoft software makes federal systems “susceptible to massive, cascading
failures.”

The reports, which suggested that the ‘monoculture computing’ reliance on
only Microsoft operating systems and applications increases the risk
associated with security vulnerabilities and computer viruses, have sparked
industrywide discussion.
