When Microsoft CEO Steve Ballmer disclosed this week that several new tools for software patch management are now available, he was delivering on a two-year-old promise to relieve one of the most acute pain points for many IT departments. The drawn-out process of downloading, testing, and redistributing frequently issued Windows patches has been unduly difficult because Microsoft's own products for managing things were outdated. Ballmer and Microsoft chairman Bill Gates have staked their reputations on fixing the problem.
At Microsoft's TechEd 2005 conference in Orlando this week, Ballmer announced four key pieces of Microsoft's new-and-improved patch-management platform. Available immediately are Microsoft Update, a one-stop Web site where consumers and small business employees can find software updates for a variety of Microsoft products, and Windows Server Update Services, add-on software to Windows Server 2003 that lets IT administrators automate patch distribution. By mid-July, Microsoft also plans to release an inventory tool for Systems Management Server 2003 that ties into both of those new products, and Microsoft Baseline Security Analyzer 2.0, which will help smaller businesses detect missing software updates and related concerns.
The background on Windows Server Update Services is worth remembering. Its predecessor was something called Software Update Services 1.0, which runs on Windows 2000 Server. (Notably, the new Windows Server Update Services is available only for Windows Server 2003, which means it can't be used by the many companies that aren't running Microsoft's latest server operating system.) Software Update Services was based on the same back-end technology that's been powering Microsoft's Windows Update Web site since 1998. (The new Microsoft Update site is a much-needed modernization of the Windows Update site.) In other words, the underlying technology in Microsoft's patch-management tools is from the Windows 98 era.
Back in the fall of 2003, when IT managers were up in arms over the escalating security vulnerabilities in Microsoft products, Ballmer made a big deal out of the company's plans to improve patch management. Customers and partners "have been pounding us, pounding us, pounding us, for better patch automation solutions," the feisty CEO said in an October 2003 speech at Microsoft's Worldwide Partner Conference in New Orleans. At the time, the plan was to deliver Windows Server Update Services (originally dubbed Software Update Services 2.0, then later Windows Update Services) in the first half of 2004. Then it got bumped into the second half of '04, then delayed again to the first half of '05. (See my blog on the delays from July 2004.)
Finally, a year late, Windows Server Update Services is here. It will be interesting to see what kind of a difference it and Microsoft's other new patch technologies make in easing what's become a full-time job for too many system administrators. To its credit, Microsoft has already made other significant changes to its patch-distribution approach, including the move to a predictable once-a-month release schedule. A new report by Microsoft partner Wipro Technologies comes to the conclusion that Windows PCs and servers are less expensive to patch than Linux machines. It was sponsored by Microsoft and audited by the Meta Group.
The real proof will come when IT departments begin to transition the resources they now devote to patch testing and distribution to higher-value tasks, and do so with the confidence they have more secure Windows infrastructures. If and when that day arrives, Ballmer and Gates will have delivered on their promises in a more important way.