Microsoft: Home Server Sports Serious Security - InformationWeek

1/10/2007
03:33 PM

Microsoft: Home Server Sports Serious Security

Windows Home Server will include security features taken from Windows Server 2003, but won't work as a central distributor for patches to PCs on the home network.

Microsoft's upcoming Windows Home Server software will include security features taken from its enterprise-grade Windows Server 2003 software, but will not work as a central distributor for patches to PCs on the home network, a Microsoft executive said Wednesday.

The new server software, which Microsoft will debut in the third quarter inside a Hewlett-Packard box, has bits and pieces from other versions of Windows -- including some from the upcoming Longhorn server -- but "under the hood, it's essentially technology from Windows Server 2003," says Todd Headrick, Microsoft's product planner for Home Server.

Among the security steps Microsoft has taken in the software, adds Headrick, are turning remote access off by default, opening only those ports necessary for remote access when it is enabled, and working with third-party vendors on potential add-on security.

"We're working with a variety of anti-virus [companies] for them to provide solutions if they want to run it on the server," says Headrick. He did not name the vendors. Like other editions of Windows, Home Server won't come with anti-virus software pre-installed. "Think of this as a new version of Windows if you want," says Headrick.

That also means it will need to be patched against future flaws. Windows Update -- the same service and mechanism used by consumer PCs -- will be set to automatically retrieve and install fixes. And the Home Server software will be added to the list of supported operating systems that Microsoft's security group monitors. "We'll manage vulnerabilities and patches [for Home Server] just like we manage all other vulnerabilities and patches," Headrick says.

"We've set Automatic Updates [to go online] daily at 4 a.m., when the house is sleeping."

One thing that Home Server won't do, however, is grab security updates for the home's PCs for distribution across the home network, a technique commonly used in enterprises to roll out patches for the company's desktops.

"We thought a lot about that and did quite a bit of analysis," Headrick says. "But we decided not to do it. First, the PCs don't stay tethered to the house. Families are buying more laptops, and if we had set Home Server [as the patch manager] a laptop that was out of the house for a month or more would be unprotected. We didn't want to be the bottleneck to those computers getting patched," says Headrick.

"And when we looked at bandwidth [as a reason to push patches from the server], we figured out that the amount of bandwidth taken up by patching just two or three or four PCs is minimal."

The server, however, won't be invulnerable to attack, Headrick acknowledges. Although the hardware will plug into the router -- and so will be protected behind that device's firewall -- an attack on one of the outward-facing PCs could be crafted to also compromise the data repository, a potentially lucrative target for cyber criminals and scammers.

"Yes, it would be possible. People do a lot of stupid things, like opening attachments," Headrick says. "We can't keep them from doing that."

Headrick also promised that the software, which will move into a second round of beta testing before the end of the month, will make security setup and management a snap. Initial setup will be conducted through one or more wizards that pose easy-to-understand questions, Headrick says, while later management of Home Server's security can be done from a PC connected to the network via a Web-based console.

Other security features in the server software are specific to Windows Vista. PCs running Vista will report their security status to the server, which in turn will alert the administrator -- presumably a parent -- that one or more systems need attention. The server, however, won't sport Vista-specific security provisions that Microsoft has touted, including User Account Control, a feature meant to make it more difficult for attackers to plant malicious code without the user's knowledge.

Even so, Headrick is confident that Home Server will stand up to scrutiny and properly protect a home's data investment. "We've learned a lot over the last two years, since Windows Server 2003 [released]."
