Vista slowing Microsoft?

From MSNBC MSFT could be down graded due to slow Vista adaption, that is a pretty big thing.

I believe Microsoft focused heavily on the new security items in their marketing of Vista but the value there is not catching on.  To me, its the only real value of Vista.

The industry may be learning that security in new software products is now a given but unless you are marketing  security products security is not something that can be used as they key item to sell a new product. 

My guess is Windows 7 will have great security but it will be much less marketed -- and Windows 7 will be fast, with great new value.   If it does not what will people migrate to when their XP machines wear out?

Vista - does anyone really care?

As a former Microsoft employee and long term partner, one of the longest, I am surprised to see how little interest there is in Vista outside of the trade press.

In this article only 7% are looking at rolling out Vista upon its release.  Our surveys show similar numbers (4%) of initial and we show 11% looking at Vista in early 2007.  I hear the same thing when I talk to customers.

I recall clearly the roll-out of Windows NT and how fast things moved from Windows, and before that how fast things moved to Windows 3.0/1; People stayed up all night to get Win95, Windows empowered the end-user, NT fixed a big problem -- it was stable and Windows was not, NT had solid networking built-in (bye-bye Novell). XP supported more Windows applications, had a nicer UI and it was more stable and secure and it was a big thing. Even Windows 2000 seemed to draw more attention in the field that Vista when it shipped and it still took a long time for DS/GPO to take hold, and I still recall the Windows 2000 launch party... Vista does not seem to have the draw, maybe XP SP2 is solid enough. I have noted before that the web is where things are changing, people care far less about the desktop, no surprise there.  The action is not on the desktop, even though much work is still done there today, but mainframes are also still in use...

Vista is shipping this week.   

My History with Microsoft

I am often asked about my personal history with Microsoft, I have blogged on this a bit in the past but here is a short refresher.

I am an ex-Microsoftie. I joined Microsoft in 1986 after working on an IBM PC product that was hosted on Xenix, Microsoft's Unix product at the time.  The project was canceled because something called MS-DOS was taking over the PC world. With project being cancel so I realized I needed to find a new job, I was not out of work but its no fun being on a dead project I quickly learned, and being fairly fresh out of college my options were a bit limited. Thankfully Microsoft came along. 

I knew MS-DOS was changing things as with the PC so I joined Microsoft after a day of fun puzzle solving and code writing. At first I thought it was a bit of a joke but after a while on that interview day I learned to enjoy the deep interaction with those people building a new industry.

After a few years of writing kernel code, working with OEMs and then writing things like Window's installer etc. I chose to leave Microsoft and start my own business.

After a few years of working with Microsoft via working with Microsoft customers, we here at Shavlik created a set of pretty good security products rolled under one GUI and called Inspectorscan.  Circa 1995. 

In 1999 Microsoft asked me to write a version for Inspectorscan for their internal use, which we did.  As part of that I designed what is now mssecure.xml and hfnetchk.  Shortly afterwords Eric Schultze joined Microsoft and put a lot of efforts in to those products and the results are well known.  Microsoft also asked me to move hfnetchk into MBSA, a number of years ago now, which I was glad to do.  We also created our own product, HFNetChkPro along the way also. 

Microsoft recently said their end-users would not let them end Microsoft's distribution of our hfnetchk and mssecure.xml which made me pretty proud of all of our efforts over the years and the number of people using our products and related xml information.

So here it is, over 20 years later and now I just watch the product development from a safe distance (safe for the engineers who feel I get in the way just a bit :) and we are still releasing products to help Microsoft customers out.

Shavlik's engines live on in MBSA 1.2.1

Update: our beta test for our updated command line patch scanner, Shavlik NetChk Analyzer, is looking good and we expect to release it the last week of April, we will make a formal announcement shortly (its released)

Microsoft's customer base has asked Microsoft to continue support the Shavlik HFNetChk engine found in MBSA 1.2.1.  We will still release our updated version of the HFNetChk Command line shortly, with much more speed and many more products that the roughly 3 year old engine found in MBSA 1.2.1 along with full product support so customers do not need to support the multiple engines Microsoft requires for full security.   

Update: we decided to go with a beta of our latest engine, beyond what is shipping today, with Microsoft keeping MBSA 1.2.1 around a bit longer, this beta will go out soon.  Assuming a solid beta we will release the final product in time for the May patch day.

Here is a good link on the topic also, "MBSA 1.2 will live on, says the software giant, after massive public outcry" along with more Shavlik information on our update to MBSA 1.2.1. SMS will use our engine (the older version) until 2010 according to Microsoft, but that is a very old version of our engines.

Doug Neal from Microsoft was kind enough to post  this note to our Patchmangement.org site today (thanks Doug!)

"The MBSA 1.2.1 End of Life has been extended beyond the March 31, 2006 date.

Details:

The previously-posted March 31, 2006 end-of-life (EOL) date for MBSA 1.2.1 and the MSSecure.XML file has been rescinded. The new End-Of-Life date for both MBSA 1.2.1 and the MSSecure.XML file is being extended to an undetermined time.

Microsoft is extending support for the MBSA 1.2.1 tool and updates to the MSSecure.XML catalog file beyond March 31, 2006 in order to collect customer feedback on the MBSA suite of tools and security update detection needs. A new support lifecycle end date for MBSA 1.2.1 will be updated by June 30, 2006.

Communicating this change:

Last week the MBSA Home Page and MBSA 1.2.1 FAQ pages were updated to explain this change. KB articles 306460 and 914791 will also be updated in the coming weeks.

Answers to common questions:

Q: Why is the MBSA product team extending the MBSA 1.2.1 EOL date?

A: Removing MBSA 1.2.1 support at this time would create a gap in security update detection for Microsoft products still in mainstream support but below the WSUS baseline of supported products (MBSA 2.0 supports only products supported by WSUS). Since the MBSA 2.0 tool alone does not provide complete security update detection for customers with products below the MBSA 2.0/WSUS baseline, support for the MBSA 1.2.1 and Enterprise Scan Tools are being extended to ensure these customers of continued and complete update support. Extending the MBSA 1.2.1 EOL date provides customers additional time to use MBSA 1.2.1 + the Enterprise Scan Tool to detect current and upcoming security updates while providing additional time for Microsoft to assess the needs of customers before setting a new EOL date.

Q: Why is there no MBSA 1.2.1 EOL date posted at this time?

A: The MBSA product team is looking for additional customer feedback to provide the best solution for customers who still require features available in the MBSA suite of scan tools. Instead of setting a new date that may be subject to change, the MBSA team is taking additional time to further assess customer needs to ensure the next solution provides a more comprehensive patch scanning solution before a new date will be announced. This further update will come on or before June 30, 2006.

Q: From the updated message, it sounds like you might be planning a survey?

A: Yes. One of the methods the MBSA team will use to gather detailed customer insights will be through a survey that is planned for posting in the coming weeks. Check the MBSA home page for updates and a link to the customer survey when it is available.

Q: Does this affect SMS 2.0 or 2003 customers using Software Update Inventory Tool?

A: No. SMS customers would have had continued, unbroken SUIT scanning and deployment support (which is based on MBSA 1.2.1 technologies) even if MBSA 1.2.1 had been end-of-life'd as planned. There is no effect on SMS customers using the SUIT or Extended SUIT tools.

doug neal

Microsoft Baseline Security Analyzer (MBSA)

MBSA 1.2, 2.0, EST, CSA and MSSECURE.XML scan tools"

Microsoft employee perspectives

I'm an ex-Microsoftie from back in the NT Kernel days.  We got a lot done without many people.  When I joined Microsoft were about 200 developers, testers, product mangers etc.  From that group came Office on the PC and Mac, Windows, Windows NT, and the development tools such as Visual C++ and VB.  (We also did OS/2 but that has been removed from the Official Microsoft history, but at one time that was the largest software project in the history of software and many of those 200 people were on that project).  That relatively small team built the core that is Microsoft today, and what much of the computer industry is today.

Having worked for Microsoft in Redmond during the critical transitions made to Windows NT I thought some of these Microsoft employee blogs where interesting.  Mini-Microsoft  This is a pretty rich blog and the comments can get too negative, but the employee blog entries themselves are what I found interesting.  People wanting to create great software and trying to figure out a way to do it in a large company, which can be difficult to do at any large company, it is certainly not unique to Microsoft. 

All successful software companies grow from their core and face the same challenges Microsoft does. Rapid success is not always good, growth comes fast and internal structural changes come slower creating a company that could be out of balance.  Hiring can go too fast, where the quality of available to hire talent is not large enough to meet the needs of the business.  That is a tough point for a company.  One of the HP founders apparently said a company should only grow as fast as it can find quality people to hire, but if you do that do you miss markets? I am not sure, but I have found its better to grow at the rate at which you can hire great people.

At first I did not want to post this blog reference as it may make me look like I was bashing Microsoft, but after reading the blog entries based on the title of the blog it was clear that this blog is worth sharing "Let's slim down Microsoft into a lean, mean, efficient customer pleasing profit making machine! Mini-Microsoft, Mini-Microsoft, lean-and-mean!"