Microsoft has used its TechEd conference to hit all the right buttons when it comes to security.
Chief security strategist Scott Charney announced three new plans, which, combined, appear to cover almost all the security concerns that surround the world's biggest software company.
One: Microsoft's confusing array of methods for adding and installing patches to security holes in its products will be simplified from the current eight to two by the end of the year - one for operating systems and one for applications. This will be reduced to just one in time for the release of its new operating system, codenamed Longhorn, in 2004.
Two: It has signed up with Internet giant VeriSign to jointly produce new digital authentication systems (by the end of this year) so security is tightened across networks. This basically amounts to automated digital signature exchanges so people and systems know for certain who they are but without all the hassle. Of course, such a network is not necessarily constrained by geography, so quick secure access anywhere in the world is beckoning.
With digital signatures gradually becoming accepted as legally binding, this could be a vital and important bit of technology for ecommerce as well. And, spying a bandwagon to jump on, Microsoft has pointed out that it would also come in very useful for Wi-Fi networks. They have also argued that digital signatures would help defeat spam, although this may be one bandwagon too far.
And three: Microsoft has announced two security training programmes based on its previous admin and engineer qualifications so people can train up on how to use all this new wonderful kit once it arrives. It has stressed that one exam is an industry recognised standard of competency.
So, as ever with Microsoft, it has pulled off the feat of telling people that all their problems will be solved within the next year/two years. And, of course, everyone has reported it as if it's already happened. It's hard to put a figure on the percentage of promises made by Microsoft it has actually kept because there is always some form of product that does at least some of what they said it would. Often, thanks to the ubiquitous MS evangelising, observers ascribe a product features that MS never said it would have in reality.
The two patch methods rather than eight is a good idea and will happen, if only because with Linux creeping up on Windows, the issue of patching security holes easily and quickly has become more and more important. Windows and Microsoft products in general are targeted by hackers because a) they hate Microsoft and b) Microsoft products are the most widely used and used by the most technically illiterate people.
By providing a faster and more effective patch system, MS can help reduce the argument that Linux is more secure. In fact, following its usual aggressive strategy, Microsoft has subtly started pushing the argument that Linux is just as insecure and buggy but not as targeted by hackers as Microsoft so no one really notices - a wonderful bit of false logic that we can look forward to seeing more frequently soon.
The VeriSign link-up makes good business sense and is another example of why Microsoft still rules the roost. Whether it has to buy another company and use its technology to fulfil the vision remains to be seen.
And of course the training schemes have numerous advantages - people know how to use the kit, they are trained up and so tied-in with Microsoft kit, and people pay money to take them.
All in all, Scott Charney and Bill Gates will be very happy with the performance.