Users will have to wait even longer for already-delayed updates of security-focused products and services that Microsoft pledged would be ready by now.
At its Worldwide Partner Conference in Toronto, Microsoft officials disclosed that Windows Update Services won't ship until the first half of next year. WUS, which was formerly known as Software Update Services, can be used to automate patch distribution to employees on a scheduled basis.
At last October's Microsoft Worldwide Partner Conference, CEO Steve Ballmer said the free patch management service would be ready in the first half of this year. In March, Microsoft revised the release date to the second half of this year, and last week, the vendor pushed it back again.
Mike Nash, vice president of Microsoft's security business and technology unit, attributed the delay to the security-focused Service Pack 2 for Windows XP. Microsoft announced last week that SP2 is due for release in August.
"The key issue (with WUS) is that our updating technology is a core part of how Windows XP Service Pack 2 is going to ship," Nash explained. "That team is working on getting SP2 done, and as soon as SP2 is done, we'll be able to go focus on getting Windows Update Services done. . . You can't do the two in parallel."
Nash cited encouraging signs that the initial version, SUS, is seeing greater usage. At last year's partner conference, when attendees were asked if they used SUS, the vast majority of hands stayed down. This week, the number of raised arms was noticeably higher. Nash said that jibes with statistics showing that some 112,000 unique servers connect to Microsoft each day to check for content using SUS.
WUS is currently available as a private beta. A public beta is due toward the end of the year, said Gytis Barzdukas, a director of product management at Microsoft.
WUS can be used to patch not only Windows but also Office, Exchange and SQL Server. Unlike SUS 1.0, it lets users target specific computers, get basic reports and download only changed patch bits.
Russ Cooper, senior scientist at TruSecure, a Microsoft Gold Certified partner, said he's bothered by the delays, but he also recognizes that Microsoft must take as much time as it needs to get the security updates right. "Considering how dramatic this all is, they'd better not screw up," he said.
"When I hear 'delay' when it comes to security, I intuit they need to work on it before they feel comfortable sending it out," said Bob Crownhart, director of infrastructure at Premera Blue Cross. "And to me, that's good news. That's less painful than if they put out something that wasn't ready for prime time."
Like WUS, the Microsoft Update service that Ballmer said would be ready by now is being delayed to the first half of next year, Nash said. Microsoft Update is a single place on the company's Web site where patches for all of its products will be available.
Another delayed offering is Microsoft's Network Access Protection technology. IT administrators will be able to use it to set policies to determine whether users have updated patch and antivirus protection. If the machines aren't compliant, administrators can restrict network access and use tools to make sure they are updated.
When Microsoft discussed the technology in the past, it referred only to the ability to quarantine remote users in virtual private networks (VPN), according to Steve Anderson, director of Windows server marketing. Network Access Protection technology will be more broadly applicable to any type of connection, he said.
Network Access Protection is due to ship in the second half of 2005 with the update to Windows Server 2003, code-named R2. But one systems management analyst at a California-based health insurer, who asked not to be named, said his company primarily uses Windows 2000 Server and would find it helpful if Microsoft also made the technology available for that operating system. "A lot of shops, including ours, will not see Windows Server 2003 for probably a couple of years," he said.
Microsoft plans to publish the API and turn it over to a standards body, but it hasn't determined which one, Anderson said. More than 25 of Microsoft's partners, including Computer Associates International, McAfee and Symantec, announced support for Network Access Protection. A notable no-show was Cisco Systems, but Anderson said Microsoft hopes to reach an agreement with Cisco soon.
Also last week, Microsoft announced the on-time delivery of its Internet Security and Acceleration Server 2004, an application firewall, VPN and Web cache product. But it hasn't seen wide corporate usage to date. "Most large companies are looking for industrial-strength solutions," said one IT manager, who asked not to be named.