This is a page of short background items supporting AAxNet Editorials to keep them from getting all cluttered up. It is not intended to be read from top to bottom, but you can certainly do so if you wish.


Microsoft's Financial Situation

Microsoft is totally dependent on a high and continuously rising stock price. A very high revenue growth is needed to support the stock price, since their only real assets are a customer list, "good will" and some rapidly aging computer code.

Without a rising stock price, Microsoft is in deep trouble. While they show piles of cash on the books, that cash is a fiction of accounting. They owe massive amounts of money to their employees and officers in the form of stock options. If the stock looks like it has a high downside risk and little possibility of gain, employees are likely to cash their options while they still have value, which could absorb pretty much all of Microsoft's cash.

While a low stock price reduces this debt to employees, it negatively affects recruitment and retention. Microsoft has traditionally paid substandard wages and made employees wealthy with the stock options. With slow growth and low stock price, the "best and brightest" will not go to Redmond and current employees will leave for better paying jobs (or Microsoft will have to pay a lot more).

In the recent stock decline from 119-15/16 to 55, Microsoft had two choices: revalue the options (which would greatly anger other stockholders, who have no such protection), or issue more options, which is what they did, increasing their long term exposure.

A lot more material, including charts, can be found at the site of financial analyst Bill Parish, particularly Microsoft Financial Pyramid.

The revenue growth rates Microsoft has traditionally enjoyed, and which accounted for the absurd price of their stock at its peak, are now next to impossible. The core market where they can leverage their Windows monopoly is saturated, and moves into other markets have met strong resistance. Being found guilty on anti-trust charges hasn't helped.

To make matters worse, both competitors and partners now see Microsoft as vulnerable, and are willing to hang tough when making deals.

Because their markets are no longer expanding at a high rate, Microsoft must squeeze more from its existing customers. Microsoft Office, for instance, now costs corporations about three times as much as it did a few years ago - at the same list price (through changed license terms). Companies that load a standard Windows configuration are now required to buy two licenses for Windows, one that came with the computer, and another full license to allow disk imaging. Other revenue enhancements will be coming out steadily.



Active Directory

Active Directory is a server facility that allows a user to access many servers on a large network with a single login, implements security policies, and maintains a global directory of resources. Large organizations have eagerly anticipated AD because managing large networks with Windows NT's pitifully weak domain directory system is nearly impossible.

A more capable, more mature directory service, Novell's NDS, has been available for years, but it has not been widely deployed due to Microsoft's marketing efforts. Microsoft told everyone Windows 2000 would be incompatible with NDS, that AD would be much easier to use, and that AD would support Unix and other major environments as well as NDS does.

Active Directory has been out almost a year now, and is mandatory for the full function of Windows 2000 Server, but it is not yet widely deployed. This could be because it is incomplete, complex and difficult to manage, and it doesn't work quite right. Of course it doesn't support Unix or other environments either, but Microsoft never intended it to.

The complexity of Active Directory has made even large organizations that badly need directory services hesitant to implement it. All the technology rags have published articles describing the months of planning needed to succeed. Several software publishers have issued expensive ($15,000 and way, way up) packages to help ease the transition. Consulting firms circle like sharks.

So, is NDS being deployed instead? Of course not. To deploy NDS now would be to admit you held up progress in your company for years for nothing. No PHB or corporate drone is going to do that. They're stalling, but eventually they're going to put in Active Directory.


Now, how does all this corporate stuff affect you, the small business person? It's the "mandatory" part - if you put in a Win2000 server, you get to deal with Active Directory. It's also a key part of .NET - the future of Windows.

When you deploy Active Directory, your network becomes incompatible with anything but Windows 2000 workstations (and partially with specially patched Win95/98/NT). AD is not compatible with Unix, Linux, DOS, Macs, OS/2, Windows 3.1 - or even with Windows Me (an incentive to buy the more costly Win2000). Nada!

Microsoft calls this the "Windows 2000 Native Environment".

Well, can't you just not install Windows 2000 Server and avoid all the AD problems? You can for now, but expect Microsoft to adjust future releases of all their products to require Active Directory.

The world is not without hope though. The Samba Team and other Linux development groups are working hard to clone Active Directory compatibility for Linux and Unix. This article will give you a taste of the complexity.



Microsoft's Security Model

Microsoft's marketing strategy is "tight integration" and "easy to use". Their design philosophy is based on the single user computer. Their programmers are hired right out of college and have no business network experience. Microsoft's management is very aware that security does not sell their product - features sell their product.

Security requires check points and firewalls which interfere with tight integration. Security is always annoying to users. Secure networking needs to be built in from the start; it can't just be added on later. Designing effective network security requires experience and a deep understanding of network usage. The more features a piece of software has, the more likely it has security holes.

It takes little skill to compromise a Microsoft system. The "Love Bug", which cost companies hundreds of millions of dollars worldwide within just a few hours, was written by people with only a few weeks of classroom training in using Microsoft applications. All they did was use automation features that are part of Windows. Most other major attacks have been similar.

None of this will be fixed, because fixing it would go directly against "easy to use" and "tight integration". Microsoft is a marketing company, not a technology company, and marketing considerations are always given the highest priority.

Microsoft defends itself by telling us any other environment would be just as vulnerable if it was as popular as Windows. This is simply not true. Only Windows allows an unknown process to run automatically with full access to all system and network resources without user permission. Only Windows has tight integration among all its programs with no check points or firewalls.

"Heard about the Linux virus? It works on the honor system. First it asks you to please e-mail it to all your friends, then it asks you to please log back in as root so it can tell you how to trash your system."

A Windows virus can be very small, because it doesn't need to bring tools with it. All the tools will be made available by Windows, Office and Outlook on the victim's computer. Since almost everyone's system is exactly the same, the virus can be very simple.

Microsoft defends itself by saying it's all the dumb user's fault, while its marketing pitch is that Windows is so easy to use your users can be as dumb as you like. Smart, careful users are victims too. Viruses can now launch without opening an e-mail attachment; the message need only appear in the mail reader's preview window. Viruses can be launched just by visiting a hostile Web site.

Some 60 Windows file types can carry viruses, and dangerous ones can easily pose as safe ones. Rich Text Format (.rtf) files are perfectly safe; they contain only text. Word (.doc) files are dangerous because they can carry a wide variety of viruses. An infected Word document can simply be renamed from file.doc to file.rtf. The user sees a safe .rtf file, but Word recognizes it as a .doc file and opens it as a .doc file, launching the virus.

Because Windows hides the file extensions of known file types, a virus can be placed within a Word file named file.txt.doc. What the user sees is file.txt, looking like a perfectly harmless file. There are many, many more simple tricks like these.

No other environment plays any of these games.
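Both naming tricks described above can be caught at a mail gateway by comparing the file name with the file's leading bytes. The following is an added example, not part of the original page; the extension lists, function names and sample attachments are assumptions constructed for illustration.

```python
import os

# Leading bytes of an OLE2 compound file (legacy Word .doc) and of real RTF.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
RTF_MAGIC = b"{\\rtf"

# Assumed lists for this example; a real gateway policy would be longer.
BENIGN_LOOKING = {".txt", ".rtf", ".jpg", ".gif"}
RISKY = {".doc", ".xls", ".vbs", ".exe", ".scr"}


def sniff_type(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.lstrip().startswith(RTF_MAGIC):
        return "rtf"
    return "unknown"


def check_attachment(filename: str, data: bytes) -> list:
    """Return the list of findings for one attachment."""
    findings = []
    stem, ext = os.path.splitext(filename.lower())
    inner_ext = os.path.splitext(stem)[1]
    # file.txt.doc: with known extensions hidden, the user sees "file.txt".
    if ext in RISKY and inner_ext in BENIGN_LOOKING:
        findings.append("double-extension")
    # file.rtf holding a Word binary: the name says RTF, the content says OLE2.
    if ext == ".rtf" and sniff_type(data) == "ole2":
        findings.append("rtf-name-ole2-content")
    return findings


# Constructed samples: only the header bytes matter for the check.
SAMPLES = {
    "report.rtf": OLE2_MAGIC + b"\x00" * 16,     # Word binary renamed to .rtf
    "notes.txt.doc": OLE2_MAGIC + b"\x00" * 16,  # hidden final extension
    "letter.rtf": b"{\\rtf1\\ansi Hello}",       # genuine RTF
}


def scan(samples: dict) -> dict:
    """Map each attachment name to its findings."""
    return {name: check_attachment(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, findings in scan(SAMPLES).items():
        print(name, findings or "ok")
```
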

Microsoft says you need have no fear so long as you implement proper security practices. I suppose that's why their own network gets infected every time a new virus comes along and why they have to shut down their e-mail system while they clean up.

On the server side, there are vulnerabilities resulting from sloppy development. Microsoft issued over 100 security bulletins in 2000. It's not just the quantity, but the seriousness of the flaws, a number of them allowing complete control of the network to anyone exploiting them.

Microsoft points out that Linux has a similarly high count. Funny thing about how the counts are kept - if a Linux flaw is found, and Red Hat, Caldera, SuSE, Mandrake, Turbo Linux and Debian each issue a notice on it, the count is 6.

Yes, it is possible to keep a Windows 2000 / IIS e-commerce server about as secure as one running Unix / Apache, but that's often not the case. Microsoft markets its products as so easy to use you don't need skilled (expensive) staff. On the Internet, that's just not true, but it's what business wants to hear, so it sells the product. Staff often has neither the skills nor the budget to keep up with patches.

Microsoft defends itself with demonstrations showing how secure its products are, but they do not use anything approaching real world conditions.

They boast that Windows NT 4.0 achieved government C2 security certification. This is true - for a single server configuration, in a locked room, with no floppy drive, no network card, no modem, and no serial connections, in fact no connection but a power cable. Not a particularly useful server in my opinion. C2, by the way, is pretty much the bottom layer of the security stack.

Microsoft put a Windows 2000 Web server up on the Internet and issued a "Hack This" challenge. Nobody was able to break in because the server only had port 80 open (static Web pages). This is not a real world situation. Any server with only port 80 open would be just as secure.



©Andrew Grygus - Automation Access - www.aaxnet.com - aax@aaxnet.com