Note Of Caution: Longhorn May Pose Security Concerns - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications

Note Of Caution: Longhorn May Pose Security Concerns

Microsoft is portraying Longhorn, the version of Windows due in about three years, as its most secure operating system ever. But company officials acknowledge that features in Longhorn that blur the boundaries between code that's running online and locally will compel the software maker to better educate developers about online trust.

Microsoft's new programming specs, called WinFX, will let developers create Web applications that launch local programs that consume data from the Internet. At its Professional Developers Conference last week, Microsoft demonstrated a visit to a LexisNexis Web site that launched a program that let users search their hard drives and the Web simultaneously. If those kinds of applications come to pass, software developers will need a more-precise mechanism for controlling the privileges those applications have, says Microsoft senior VP Eric Rudder. "Absolutely, there are security issues with downloading code," he says. Current yes/no controls for downloading applets from the Web are "super coarse-grained," he adds.

Longhorn will include security technology called the Next Generation Computing Base that's supposed to wall off some software programs from important parts of the Windows operating system. But IT managers will still have to decide how to write into software policies that deal with when to grant download rights and how to phrase questions to users, Rudder says.

Security issues are starting to hit Microsoft's top line. During its first quarter ended Sept. 30, the company reported a sharper-than-expected $768 million sequential drop in unearned revenue, a reflection of how quickly businesses are renewing licenses. CFO John Connors attributed the drop in part to ongoing concerns about computer attacks.

Gene Fredriksen, VP of information security at financial-services provider Raymond James & Associates, says Longhorn features that post blog entries and instant-messaging buddy lists on the Windows desktop could create new ways for attackers to enter systems.

Security pros are right to be worried about how attackers can exploit new technology, says John Pescatore, a Gartner research director for Internet security. First-generation standards and protocols generally are designed for easy implementation, he says--not for keeping out the bad guys.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
Top-Paying U.S. Cities for Data Scientists and Data Analysts
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/5/2019
Slideshows
10 Strategic Technology Trends for 2020
Jessica Davis, Senior Editor, Enterprise Apps,  11/1/2019
Commentary
Is the Computer Science Degree Dead?
Guest Commentary, Guest Commentary,  11/6/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll