In what classifies as Microsoft’s boldest statement yet regarding its growing confidence in its enhanced security practices, the company handed out 3,000 copies of a beta version of its forthcoming Vista version of Windows to attendees at this week’s Black Hat Briefings in Las Vegas.
Microsoft has gone through a security evolution that brought it pain, embarrassment, frustration, ridicule, and — now, at long last — a measure of respect, even from a hacking community that traditionally has shown mostly disdain toward the software giant and its ubiquitous products.
For Microsoft to step up as a Black Hat sponsor, to make serious technology presentations there (as opposed to thinly disguised marketing pitches), and to come to the proceedings with Vista copies in hand is an undeniable testament to the company’s commitment and determination to finally subdue the security bugbear.
It’s a signal that security mainstays — Symantec, McAfee, and Trend Micro foremost among them — should carefully consider. Yet again, Microsoft is sending an unambiguous message that is owning up to the responsibility to secure its own products rather than relying on third-party vendors to do the job on its behalf.
When you think about it, security should not have become the enormous standalone business it is today. Companies that build operating systems, applications, and online services should have done a better job developing secure code and protecting the integrity and reputations of their products. Microsoft was lax in that regard for years, but through radically reformed secure-coding practices and a string of relatively savvy security acquisitions, the company has made good on its promise to put security at the forefront of its priorities.
That’s a red flag for security vendors, which is why they have been scrambling — Symantec moving into enterprise storage with its big-bet Veritas acquisition, McAfee increasingly emphasizing its IPS and network admission control (NAC) products for midsize enterprises, and Trend aligning itself strategically with Cisco — to redefine themselves as Microsoft’s impending security juggernaut gathers velocity.
It’s also why they will be more aggressive in their security-related criticisms of Microsoft and its products. In that vein, Symantec recently alleged that Microsoft’s rewritten network stack in a recent Vista of beta is less stable than the one in Windows XP. It’s worth keeping in mind, of course, that Symantec now is a Microsoft competitor and that Vista, unlike Windows XP, has not been commercially released.
Symantec will hope that Microsoft gets it wrong, but it is behaving as though Microsoft will get it right.