In brief: Ballmer pledges security push . . . again

Plus: Three CA execs resign; VeriSign, ICANN butt heads again; FCC rules on wireless number portability; Emulex buys Vixel.

Calling Microsoft‘s most-recent software security crisis a defining moment, CEO Steve Ballmer last week reiterated the company’s vow to fix what is broken.

Ballmer repeated promises to improve patching tools, including a single site to download patches, fewer installer technologies and smaller patches with fewer reboots. The improvements will come in mid-2004 along with an upgrade to Microsoft’s Software Update Services 2.0, which will include platforms other than Windows, including Exchange, Office and SQL Server.

Microsoft also will extend to next June security-patch support for Windows 2000 Service Pack 2 and Windows NT 4.0 and Workstation Service Pack 6a. Ballmer also said the network perimeter would be secured, starting with Windows XP Service Pack 2. That service pack is expected to ship by next September and reduce buffer-overrun and other vulnerabilities. Windows Server 2003 Service Pack 1, due later this year, will inspect clients for malicious code before allowing them to connect to the network.

Microsoft has been focusing on its Trustworthy Computing initiative since early last year, but bugs continue to plague the company’s software.

Sanjay Kumar, Computer Associates’ chairman and CEO, has requested and received the resignations of three senior executives in response to preliminary results from an internal investigation into the company’s accounting. The results determined that CA booked revenue from some sales prematurely during its fiscal year, ended March 31, 2000, CA said in a statement.

As a result, Ira Zar, CFO; Lloyd Silverstein, senior vice president of finance; and David Rivard, vice president of finance, resigned from the company last week. The three oversaw the company’s sales accounting during the period in question. The investigation’s initial results revealed a number of software contracts in fiscal 2000 that appeared to have been signed after the end of the quarter in which the revenues were recognized. The revenue should have been recognized in the quarter in which the contracts were signed.

VeriSign last week continued to butt heads with the Internet Corporation for Assigned Names and Numbers over the future of its now-suspended SiteFinder service, which redirects users who mistype an Internet domain name ending in .com or .net to a commercial site that VeriSign operates. VeriSign officials held a press briefing to defend Site Finder, saying the service does not threaten the Internet’s security or stability. While acknowledging that Site Finder caused problems for some spam filters, VeriSign said the service adheres to all appropriate standards regarding wildcard or redirection services in the DNS.

ICANN held a meeting in Washington, D.C., to discuss difficulties Site Finder causes. Critics say it not only affects spam blockers but also triggers problems for blind and non-English-speaking users of the Internet. These critics say the bigger concern is that some ISPs are blocking Site Finder with homegrown fixes that might lead to Internet instability. ICANN’s Security and Stability Advisory Committee will issue a formal recommendation about whether VeriSign should be allowed to relaunch the service.

The Federal Communications Commission last week issued an order on wireless number portability rules that says wireless service providers must port a customer’s wireless telephone number to the carrier of their choice even if they have an outstanding bill.

Wireless service providers, including Alltel, AT&T Wireless Services, Cingular, Nextel and Sprint, were behind an effort to hold hostage phone numbers belonging to users with outstanding bills. The industry was up in arms over the suggestion that a business customer with a legitimate billing gripe would be forced to stay with a carrier until that billing dispute was resolved.

The order also says that wireless carriers are not required to have direct network interconnections within specific areas in order to port a customer’s wireless phone number. If wireless service providers “cannot reach an agreement on the terms and conditions of porting, they must port numbers upon receipt of a valid request, with no conditions,” the FCC says.

Fibre Channel host bus adapter vendor Emulex last week acquired Vixel, a maker of Fibre Channel switches, for $310 million. Vixel’s embedded switching products will be added to Emulex’s host bus adapter business. Vixel was one of the early switch manufacturers, but fell behind Brocade and McData.

Earlier this year there also was consolidation of the Fibre Channel switching industry when Broadcom acquired Gadzoox.