Q&A: Microsoft Announces New Technologies that Empower IT Professionals by Reducing the Complexity of Software Update Management

ORLANDO, Fla. – June 6, 2005 – At Tech•Ed 2005 today, Microsoft Chief Executive Officer Steve Ballmer discussed the important role of information technology in the global business environment and outlined a range of investments by the company. As part of Microsoft’s continued investment in security, Ballmer announced the availability of a new and comprehensive set of integrated technologies and services that can help customers better manage the update process for Microsoft software. Software update management is a fundamental component of managing a computer network of any size or type, as installation of security updates is a critical way to help protect systems from known vulnerabilities. Microsoft has made notable progress toward its goal of providing customers with a more streamlined and cost-effective software updating experience built around technology and guidance. The company is building on that progress with four technologies that reduce complexity and make update management intelligent, reliable and consistent.

PressPass asked Gordon Mangione, corporate vice president of the Security Business & Technology Unit, to discuss update-management technologies and explain how they work together to provide more secure computing.

PressPass: Could you provide an overview of the security and update management announcements made by Microsoft at Tech•Ed 2005?



Gordon Mangione, Corporate Vice President, Security Business & Technology Unit

Mangione: With the services and technologies announced at TechEd 2005, we are delivering on our commitment to make software update management easier and more comprehensive. Specifically, today we announced the availability of Windows Server Update Services (WSUS) and Microsoft Update (MU). WSUS is an update management component of Windows Server 2003 that enables IT administrators to more easily assess, control and automate the deployment of Microsoft software updates. WSUS gives customers the ability to better secure Windows environments and minimize downtime. MU is the next generation of the popular Windows Update (WU) service. It gives customers everything they get through WU plus high priority updates for Office and other Microsoft applications. It’s a one-stop destination for updates that help keep computers more secure, up-to-date, and performing at their best. MU includes the Automatic Updates functionality already found in WU so users can choose to automatically install high-priority updates.

Microsoft will also release a new version of WU, v6.0 and support the existing version of Office Update to ensure that customers choosing to continue using those services can keep their computers more secure and up-to-date. WUv6 adds minor usability improvements that make it easier to find updates and will eventually support Windows Genuine Advantage.

By mid-July we will also release two other updating tools. Systems Management Server (SMS) 2003 Inventory Tool for Microsoft updates integrates with the WSUS scanning engine and MU to provide enterprise customers with a new security update scan tool for enterprise patch management. This tool enables the detection and deployment of the latest security updates and product service packs to increase the ease and manageability of update management. The final and complete version of Microsoft Baseline Security Analyzer (MBSA) 2.0, which helps small and medium businesses analyze their security state and detect common security mis-configurations and missing security updates, will also be available by mid-July. MBSA scans millions of computers each week and is used by many third-party security vendors including Tivoli, Citadel Security Software and PatchLink.

PressPass: How do these four different technologies work together?

Mangione: With these software update tools, Microsoft is offering a comprehensive and integrated set of update management technologies that are less complex for our customers to manage. One of the most significant advances is the MU infrastructure, which serves as a single point of reference and sole repository for security and Microsoft product updates for all of our new update management technologies. Deployment and analysis tools such as WSUS, MU, SMS 2003 Inventory Tool and MBSA 2.0 will poll the MU catalog and use it as the unique source for information on product and security updates. This greatly reduces the complexity of the internal update infrastructure. It also helps ensure that detection, deployment and management tools – offered by both Microsoft and our partners – will deliver consistent results, making the update process clearer and more reliable.

PressPass: How does this improve on previous update and detection processes?

Mangione: Previously, information on security and product updates was not centralized, and to keep their systems updated, customers had to visit multiple Web sites. Not only was this time-consuming and complex for customers to keep their computers and networks up-to-date, the lack of a single, centralized infrastructure made it difficult for detection and analysis tools such as MBSA to return consistent results. In addition, the various update and detection tools each employed different software engines, or agents, to poll the information sources. Because the new services and technologies draw information and updates from a single source – the Microsoft Update catalog – and use a common polling engine (provided by the new Windows Update Agent), our customers will have a much more integrated and reliable update management process.

PressPass: What kind of feedback have you received from beta customers on some of these technologies?

Mangione: We’ve received great feedback from the WSUS, MBSA and MU beta programs. Customers told us that they really value high quality and well-tested updates, clear and reliable communications, and intelligent and integrated updating technologies that reduce complexity and increase their productivity.

Convergent Computing, one of the beta customers for WSUS, estimated that the time spent updating software each week is one quarter of what it used to be since it started using WSUS. Due to the reduced complexity and consolidation of updates provided by the technology, what was once a full-time job for one administrator is now just a fraction of that person’s job.

We’re also hearing from customers that these technologies are helping to reduce the burden of updating so they can focus on what they want to be doing. We spoke with one of our WSUS and MBSA 2.0 beta customers last week, Heartland Technologies, which is a technology services consultant for small to medium-sized businesses. They told us that in the past, most of the time they spent onsite with customers consisted of manually updating their computers with the latest software updates. There wasn’t much perceived value for their customers, and the resources Heartland spent on maintenance and updating didn’t provide a direct return on investment. Now, with WSUS, Heartland Technologies can manage those updates remotely and much more efficiently. Their engineers can now spend more time with customers on valuable consulting and talking about technologies that can help their customers’ bottom line. That’s a lot more interesting for Heartland’s engineers, more profitable for Heartland and more beneficial for Heartland customers.

PressPass: How do these integrated technologies impact the bottom line for your customers?

Mangione: Keeping software updated is a fundamental component of managing a computer network of any size or type and will be a significant part of the Total Cost of Ownership (TCO) equation for years to come. By reducing the complexity and automating more of the updating experience, customers can start to roll out updates more quickly and with minimal costs incurred as a result of lost productivity, regressions or attacks. The close integration between the new update technologies with the Microsoft Update catalog enables faster and more accurate scanning, reporting and network evaluation.

These updated technologies further the progress Microsoft has made over the last two years in improving the software update process for customers, especially in terms of operational efficiency. Wipro Technologies surveyed 90 enterprises in North America and Western Europe with at least 2,500 systems (clients and servers), identifying the costs associated with security updates and measuring both the time and effort it takes an organization to successfully update their systems. The data revealed that individual Windows systems require 40 to 56-percent less effort to update than similar systems running open-source software. They also found that open-source systems faced with high-level and critical vulnerabilities are at risk longer than comparable Windows systems. The integrated technologies we announced today will further reduce the complexity, time and effort associated with updating for our customers.

Along these same lines, this week at TechEd, we’re introducing a set of ISA Server 2004 updates designed for branch offices that will save our customers time and money through the ability to expedite software updates, accelerate the Web browsing experience and leverage the existing network investments without needing to install new software. In addition to the branch office capabilities already available in ISA Server 2004, these updates will allow our customers to reduce their exposure to attacks by expediting the WU rollout, thereby freeing-up network resources for IT administrators.

PressPass: What level of industry support have you experienced for these Microsoft security and update technologies?

Mangione: Our partners are a key part of our efforts to help protect customers and reduce the complexity of their updating process. A number of independent service providers who provide update services to the Microsoft platform are building solutions to integrate with the update management technologies we announced today. Citadel Security Software and Tivoli will provide integration with MBSA 2.0, as will PatchLink in the short term. Later on, PatchLink will also build solutions on WSUS. BindView also plans to integrate with WSUS. So even if a customer doesn’t choose to use a Microsoft product for their update solution, there are other solution providers whose technologies will integrate with ours to provide similar consistent and reliable results.

PressPass: How does security response and communications relate to Microsoft’s improvements to the update management experience?

Mangione: Timely response, communications and guidance are absolutely critical in supporting the technology improvements we announced today. Microsoft has long been committed to providing our customers with an industry-leading security response process, led by the Microsoft Security Response Center (MSRC). The MSRC serves two main functions within the company: investigating and releasing fixes for vulnerabilities in software and protecting customers in the face of active attacks. In response to customer feedback, the MSRC has made significant progress in helping customers manage the update process during the past two years. Some of the most recent improvements are Microsoft Security Advisories, which provide guidance and information about security related software changes or software updates. Other enhancements include the Advanced Notification Program to help IT pros plan their resources appropriately for deploying security updates and the MSRC Blog, which provides insight directly from those working in the MSRC on recent security related news, activities and threat issues.

PressPass: What other recent advances has Microsoft made in security for the Windows platform and what can we anticipate in the future?

Mangione: One of the most significant enhancements we’ve made this year was Windows XP Service Pack (SP) 2 with Advanced Security Technologies, which helped make Windows XP more secure by default. We designed this service pack explicitly to provide protection for Windows XP against hackers, viruses and other security risks, and it was a significant step toward making PCs more resilient in the face of evolving threats.

We’ve seen increasing numbers of customers deploy SP2. In fact, less than a year after its release, more than 200 million copies of Windows XP SP 2 have been distributed in 25 languages around the world. The Enterprise is also embracing the security benefits of Windows XP SP2. Customers like Raymond James Financial, a diversified holding company, recently deployed Windows XP Service Pack 2 on the majority of its 5,800 workstations resulting in a more secure, easier to manage IT environment. Vulcan Materials Company, a producer of construction materials, also recently deployed SP2 across its 3,000 desktop and portable computers.

As for the future, with the 2006 release of the newest version of the Windows operating system, code-named “Longhorn,” Microsoft will offer customers an infrastructure that starts, runs, communicates and stays more secure than any other desktop operating system we’ve delivered. We’re investing in a number of significant security improvements including integrated anti-malware capabilities to help protect customers from adware, spyware, “phishing” scams and other threats. “Longhorn” will also offer protected user accounts which greatly reduce the ability of interference from malicious code as well as an enhanced Firewall and “Service Hardening” that will actively prevent malware from propagating and personal data from being compromised.