January 15, 2002 3:15 PM PST
.Net breakdown: More to come?
- Related Stories
Microsoft's security push lacks oomphJanuary 11, 2002
Microsoft issues patch for "serious" XP holeDecember 20, 2001
Web services: The new buzzNovember 8, 2001
Microsoft wants Internet safe for .NetNovember 7, 2001
Security problems open Microsoft's WalletNovember 2, 2001
Developers: What .Net will cost youOctober 23, 2001
Microsoft.Net shrouded in mysteryOctober 18, 2001
HailStorm promise and threat remain distantAugust 30, 2001
Code Red for securityJuly 27, 2001
Can Microsoft weather its HailStorm?July 9, 2001
But the problem--the latest in a series--had .Net analysts questioning whether the software giant can deliver the reliability necessary for its widely touted 24-7 Web services initiative.
"Uptime becomes much more critical, and Microsoft has not been concentrating on that," said Daryl Plummer, group vice president for software infrastructure at Gartner, a market research firm. "If they are going to do that with .Net and with .Net My Services, they have to get better."
The .Net initiative is Microsoft's multibillion-dollar effort to use its software heft to gain a significant share of the Web-delivered services market. .Net relies on a newly created software framework designed to give customers a hassle-free, secure way of connecting with businesses over the Internet.
Microsoft will sell the software and developer tools needed to create .Net-enabled sites. But the company will also offer its own personalized Web services paired with a "passport" containing a consumer's financial information--a setup that will supposedly make online transactions faster and easier.
Known as .Net My Services, the collection of consumer information and services is a key component of Microsoft's strategy to charge Web users for a trouble-free Net experience and to sell businesses access to My Services customers.
But the scope of the plan has the technology industry's eyes on the giant, and several recent security incidents and service failures haven't inspired confidence. Nor has this new problem with the upgrade site.
"It is a service, and they are not doing a great job of it," said Gartner's Plummer.
"Everyone wants to be available all the time," Sohn said. "We want to be fast and secure as well. It's a task we are taking very seriously, and anytime anything happens, we take everything good or bad and learn from it."
Learning from experience
The company has had a lot of lessons of late.
This past summer, two Internet worms, Code Red and Nimda, hit Web servers running Microsoft's Internet Information Server software. And in November, a set of flaws in Microsoft's Passport authentication protocol left consumers' financial data accessible to potential attackers.
In this latest incident, Windows users started complaining last Thursday that while they could access the Windows Update Web site, they couldn't download the actual updates to Microsoft's Windows XP, 2000 and Me operating systems.
Left in the cold, they were not happy with the software giant's inability to keep its services up and running.
"Lets face it, Microsoft is not exactly a cashless company, (but) I feel pretty uneasy about depending on them when so often their services have gone down for days and longer without a backup system of any kind," said one affected user posting to an online forum for Windows & .Net Magazine.
"They have had plenty of time to anticipate problems and deal with them, let's hope they get their act together," the poster said.
On Tuesday, five days after the problem first occurred, Microsoft fixed it. The glitch was the result of a technician's error, according to a representative of Microsoft's Windows Update service.
"The software was updated on Thursday, and there was an error in the update," the representative said. "Now it's fixed."
The problem affected Microsoft's domain-name-service (DNS) servers--computers that act as the yellow pages of the Internet. Normally, the DNS servers provide the numerical Internet addresses of various Internet services--or, in this case, Microsoft-specific services--at the request of Web browsers or other programs.
Yet for nearly a week the process went awry, leaving Windows users unable to reach the servers that stored the update code. Among the updates was a critical security patch for a problem that could leave PCs running Windows XP open to attack by online intruders.
Microsoft estimated that as many as 8 million people were affected by the outage worldwide, but could not be more specific.
Despite concerns, though, some analysts said such problems were to be expected.
"Anytime you try to make things easier for users in some ways, you can screw up in other ways," said Will Zachmann, an industry analyst at market researcher Meta Group. "The whole thing with updates is an annoyance. They have had some glitches with it, and they have to work it out."
The software giant is learning from these episodes, said Microsoft's Sohn.
"We are in the building phase right now," Sohn said. "We are taking everything we learn and plowing it back into the planning and architecture process."
In the end, Sohn said, Microsoft will have reliability agreements for businesses and customers, including a specified amount of uptime for its .Net components and a commitment to protect data against unauthorized access.
"We will make a set of statements and bring in an auditor so we can be fairly transparent about what we are committing to," Sohn said.
Microsoft will have to work fast, however. With .Net My Services due to launch later this year, the company has less than 12 months to iron out its reliability and security problems.
Gartner's Plummer said that although the company may not meet the deadline, he has little doubt it will figure out the right recipe for reliability.
"They will have some problems at first," Plummer said, "but I think they will get a handle on it eventually."