Just one day before the launch of its Windows 2000 operating system today, Microsoft yesteday disputed suggestions in a leaked company memo that the product contains 63,000 bugs.
Keith White, director of Windows marketing at Microsoft, doesn't dispute the authenticity of the memo sent by Windows development leader Marc Lucovsky.
An excerpt from the memo reads in part, "Our customers do not want us to sell them products with over 63,000 potential defects. They want those defects corrected. How many of you would spend $500 on a piece of software with over 63,000 potential known defects?"
White insisted that the Windows 2000 code has been extensively vetted by 750,000 beta testers and security analysts for potential bugs and asserted that "the claims are taken out of context and completely inaccurate."
According to White, the memo was intended as a "motivational statement" for the Windows development team based on an automated scan of the source code with a tool called Prefix. He said the analysis flagged code in Windows 2000 that could be made more efficient in the next release, detected false positives and analysed 10 million lines of test code that weren't included in the release. White likened running Prefix on code in Microsoft's Raid development database to running a grammar-check tool on F. Scott Fitzgerald's classic The Great Gatsby - the tool may underline unfamiliar words but doesn't change the content of the novel. "Our customers, analysts and technical reviewers say this product is rock solid," said White. "This is the most reliable version of Windows ever."
Shanen Boettcher, product manager for Windows 2000 security services, noted earlier this week that the product leverages security strategies from Windows NT with new features designed to centralise security management to keep corporate data and network traffic secure. "We needed to provide a better starting point with the (operating system)," said Boettcher. "Historically, it's been OK to leave (the software) relatively open and have people lock it down over time, but as things became more interconnected in the network, we needed a more locked-down starting point."
The features adopted from Windows NT include single sign-on administrative tools for security policy and account management, plus tight integration with Microsoft BackOffice application services. Microsoft's adoption of standards-based security protocols for Windows 2000 is also intended to enhance cross-platform interoperability with other systems in a user's environment.
According to Microsoft, one of the most important security features of Windows 2000 is integration with the Windows 2000 Active Directory, a standards-based directory service where customers can store information about network elements such as user privileges, machines and applications. Instead of requiring users to repeatedly log on as they move through applications and systems, Active Directory stores network information in one location, allowing for swift updates and a single checkpoint for access to network resources.
"From a benefits standpoint, integrated management at a single point from Active Directory is really beneficial for IT professionals," said Boettcher. "It is one place they can go to make sure everything is secure and set up properly."
Microsoft officials say the central management strategy will allow businesses to manage information about employees, trading partners, suppliers and channel organisations in real time over the Web. Active Directory also serves as a foundation for other security services designed to authenticate users and safeguard data and applications. These include the following:
Security Configuration Manager, which lets administrators put security configurations into a template and apply it to selected computers in a single operation.
IP Security, which encrypts network traffic between systems, safeguarding internal networks and providing secure virtual private networks over the Internet to a company's internal network.
Kerberos Version 5 authentication protocol, which authenticates network communications. It replaces Windows NT LAN Manager as the primary protocol for network authentication.
Public Key Infrastructure (PKI) standards-based security architecture, which combines public-key cryptography with digital certificates to verify the safety and integrity of data and documents and validate the identity of users.
Certificate Mapping gives administrators the ability to map a PKI certificate to a user account in the Active Directory. This provides a bridge between PKI and the Kerberos protocol, allowing administrators to manage internal and external users as well as access control and security.