Ballmer: Microsoft committed to security

Microsoft CEO Steve Ballmer last week offered a preview of the coming year for his company, with corporate IT professionals in mind, via an e-mail interview with Computerworld . In today's third and final installment, he takes on the subjects of security, software licensing and upgrades, Linux and Java.

Q: Microsoft software continues to be plagued by well-publicized security problems. How will you convince corporations that your platform is ready for major new initiatives such as .Net?

A: This is obviously a challenge not only for Microsoft, but for our entire industry. The fact is, all software contains vulnerabilities. What I can tell you is that we are 100 percent focused on building products and technologies that are safe and secure. Creating software that people can rely on is key to the success of our .Net vision. In the short term, we are committed to responding quickly and openly when vulnerabilities are discovered and work with customers to rapidly provide solutions to ensure system security. And in the long term, we're building secure software from the ground up through programs such as the Secure Windows Initiative, which is focused on providing Microsoft engineers throughout the company with ongoing education, better tools, security-focused development processes and rigorous internal and external testing required to deliver the high-quality, secure software and services that customers demand.

Q: Since Sept. 11, criticism about the security of commercial software has been growing louder in Congress and among Bush administration officials. These critics contend that it's becoming too difficult for end users to stay abreast of patches, and they say software needs to be designed with security in the forefront. What's your response to these critics?

A: As an industry leader, we know we have a special responsibility to provide our customers with secure software and to make it even easier for them to maintain that software. In terms of national security, we are working closely with government agencies and officials as well as others in the industry to protect our nation's critical infrastructure. To help our individual and business customers be more secure, we have launched programs like Windows Update and automated hot fixes, as well as the Secure Windows Initiative.

Q: The changes that Microsoft made to its volume licensing and upgrade programs had corporate users up in arms this year. Many complained that they'd see an increase in costs and that Microsoft's maintenance fees are out of line in comparison to those charged by other vendors. What do you say to those corporate customers? Is there anything more Microsoft can or will do to appease them?

A: You're right, price is an issue. And we know our licenses and maintenance fees are competitive. We charge US$20,000 for SQL Server Enterprise Edition on one processor. Oracle charges $40,000 for the equivalent product, 9i Enterprise Edition on one processor. But people don't just want the basic Oracle product. In order to be competitive, they need (online analytical processing), data mining and other advanced database features. Those come built into MS SQL Server 2000. If you want that from Oracle, the price of 9i doubles to $80,000 per processor. And then when you look at upgrade maintenance, Oracle's 15 percent a year is now $12,000. Our upgrade offering, Software Assurance, is 25 percent, or $5,000. We think it's a very competitive offer for everything built into our product. One of the big issues for many customers was that this is a big change in how we handle upgrades, and we didn't give them enough time to plan for the change. But we listened, and extended the transition to the new program all the way into the middle of next year, so folks have 14 months from the original announcement to review Software Assurance and plan accordingly.

Q: Some users are threatening to upgrade less often. They say they don't need many of the new features in Office. What do you say to those customers?

A: There will be some customers who don't need to upgrade. But the work we do on new versions of products like Office is driven in large part by what customers tell us they want. We know that unless we make Windows that much better in the next version, unless we make Exchange that much better, unless we make Office that much better and unless we enable all of them to take advantage of Web services, customers won't upgrade.

Q: How do you foresee the competitive landscape changing for Microsoft this year, if at all? How will you counter the competitive challenge that Linux and Java present going forward?

A: In the current economic climate especially, customers are demanding bottom-line value for their IT investments. We intend to deliver by offering not only value, but also a clear technology road map for the future. I really believe that the companies that fail to deliver on these business basics will be paddling upstream. As for Linux, the overall [total cost of ownership] issues with Linux, coupled with its limitations, have caused many enterprise organizations to look elsewhere in their planning for the coming year, and I should add that Linux has seen recent declines in overall deployment over the past two quarters. For Java, a big question remains around strategic innovation for Web services. With the .Net framework, Microsoft has developed a clear, well-articulated path designed from the ground up, specifically for Web service development and deployment.

Q: States dissenting to your antitrust agreement last year submitted a remedy proposal that would require Microsoft to port Office to other operating systems. Microsoft now ports Office to Apple. Why hasn't it done so in the case of Linux? Is there any chance Microsoft will? What are your general thoughts on porting Office?

A: We have made clear our concern with the GNU General Public License (GPL), the license that governs Linux. Even limited or relatively obscure uses, like including a few lines of GPL code in a commercial product or linking directly or indirectly to a GPL library, may have a dramatic effect on the legal rights and obligations of software companies. In addition, although Linux has received a considerable amount of hype and may have received some degree of success in niche server scenarios, we don't think Linux is compatible with the level of service, product consistency and vendor relationships that customers expect when they purchase Microsoft Office.