Print this article | Return to Article | Return to CFO.com
After countless delays, Microsoft finally unveils its new computer operating system. Also in In Tech this month: A way to remember all those passwords.
John Edwards, CFO Magazine
November 1, 2006
Microsoft engineers know a thing or two about operating systems. Co-founder Bill Gates transformed the fledgling software publisher into a business powerhouse by buying the Disk Operating System, then shrewdly licensing the program to IBM. Later, Microsoft cemented its place in the corporate pantheon by launching Windows, the first non-Apple operating system with a graphical interface. In recent years, Microsoft has released a slew of revamped versions — not always to rave reviews. Windows 98 was fairly pointless, while the Millennium Edition was flat out dreadful. On the other hand, the reigning Microsoft OS — Windows XP — has been a huge hit with businesses ever since its launch five years ago.
And that's the problem. This month, Microsoft finally began corporate licensing of the successor to XP, the long-anticipated Windows Vista (née Longhorn). Not surprisingly, management at the company would like to see every compatible business PC upgraded to Windows Vista in short order. Among other things, Microsoft claims the new OS enhances mobile productivity and reduces deployment and support costs — big selling points for commercial users. The operating system also features a radical overhaul of the basic Windows user environment. Microsoft, in typical tech understatement, has been touting Windows Vista as "a breakthrough computing experience."
It remains to be seen if corporate customers are ready for such a mindblower. Users of older Windows operating systems like Windows 98 and Windows ME may switch simply because Microsoft no longer supports those programs. But more than a few analysts think Gates & Co. will have trouble convincing corporate customers to immediately dump XP. "This is not like the upgrade from Windows 98 to XP," insists Scott Golightly, a senior principal consultant at technology consultancy Keane Federal Systems. "Windows XP is so good in relation to Windows Vista."
Under New Management
Admittedly, a substantial amount of hand-wringing is generated whenever Microsoft releases a major upgrade to Windows. And critics concede Windows Vista has plenty of virtues.
Among hundreds of new features, the OS offers enhanced security options. With BitLocker Drive Encryption, for example, Windows Vista can store encryption keys and passwords on a dedicated Trusted Platform Module chip instead of in easily copied and hackable software files. That's particularly welcome news for businesses whose managers tend to forget where they left their laptops. "If a [misplaced] notebook computer were running BitLocker," notes Michael Cherry, lead analyst (Windows and Mobile) at research firm Directions on Microsoft, "the hardware would still be lost but the data would not be in danger."
Windows Vista also features improved enterprisewide PC management. For starters, the OS gives businesses better control over removable storage devices like thumb drives and iPods — seemingly harmless gadgets that can put entire corporate networks at risk. In addition, Windows Vista's Group Policy tool allows IT executives to centrally manage desktop settings and configurations, potentially lowering the risk of user-caused disruptions. Administrators can also set group policies for a wider range of functions and services (things like printers, power management, and Internet settings). Says Mike Burk, product manager for Microsoft's Windows client division: "Out of the box, Windows Vista will be less costly to manage."
The migration from XP to Windows Vista may not be painless, however — particularly for early adopters. A number of tech analysts believe the bevy of new features in the new OS may trigger some old problems. Certainly, it's no mortal lock that Windows Vista will play well with other enterprise applications. Cautions Cherry: "The reality is that some of these changes [in the OS] will impact how existing software runs with Windows Vista."
At the very least, key business applications, as well as programs like antispamming and virus-detection and –removal software, will have to be carefully checked for Windows Vista compatibility. An ERP client application, for example, may require that the user have administrator privileges. In that case, the ERP app must be upgraded to work with Windows Vista's User Account Control feature. "With Windows Vista waiting, business users need to get a firm handle on all of their assets," advises Steve Kleynhans, a vice president of research and client computing at technology research firm Gartner. "That [assessment] includes applications, management processes, and hardware."
Hardware could be a sticking point. The truth is, a whole lot of corporate computers will probably not pass muster in a Windows Vista universe. Microsoft states that the new OS requires, at bare minimum, a PC with an 800MHz processor and 512MB of memory. To achieve acceptable performance in the real world, a computer running Windows Vista will require a 1GHz processor, 1GB of memory, and a 40GB hard drive — well beyond what many small and midsize businesses currently employ. On top of that, a PC will need a high-powered graphics card with at least 128MB of dedicated RAM to fully exploit Windows Vista's snazzy graphical user interface. "With the new user interface," says Golightly, "the graphics processor in your machine could become as important as the CPU."
The bulked-up hardware requirements may see some customers passing on Windows Vista, at least early on. Industry watchers predict that scores of businesses will not switch to the OS until they buy new computers. Typically, such purchases are tied to the release of substantially more-powerful machines. Many businesses, for example, bought new desktops and servers this year because of the arrival of dual-core processors. Says Joe Wilcox, a senior analyst at JupiterResearch: "Unfortunately for Microsoft, Windows Vista is being released on the wrong side of a major upgrade cycle."
The software giant will also have to work hard to soothe concerns about purchasing first-generation technology. The fact is, Windows Vista is such a leap from XP that some customers may simply wait for any kinks in the OS to be ironed out. Notes Jim Murphy, a research director at AMR Research, "Many businesses believe, based on past experience, that early iterations of Windows Vista will present too many stability and security risks."
Those worries don't seem to phase Golightly. Despite the many merits of XP, he remains bullish on Windows Vista. "It's just too compelling to resist," he says. "I'm planning to upgrade as soon as it's released."
He may have to wait a little longer. Keen to patch any security holes, Microsoft recently announced that the consumer version of Windows Vista won't be available until January — too late for the crucial holiday selling season. PC makers, already smarting from exploding laptops and imploding margins, are no doubt thrilled by the news.
John Edwards writes frequently about technology.
The Password Is: "Annoying"
When it comes to computer passwords, employees aren't the cleverest bunch. Most network administrators will gladly regale you with lists of actual passwords chosen by actual employees that don't exactly qualify as brain-benders. Indeed, hackers who can't crack Snoopy or Soxrule generally end up in another line of work.
Of course, you can't blame employees for trying to keep their passwords simple. With IT managers struggling to keep interlopers out, many businesses now require workers to change their sign-ons every three months or so. And often, different passwords must be created for a number of tasks, including logging on to a network, retrieving E-mail, and accessing departmental databases. A new password doesn't always work straightaway with the offline version of a program, either, so the user must remember both the new and the 5 to 10 IDs and passwords — or more if the employee visits external job-related sites.
And these days, words alone won't cut it. Network administrators typically insist that sign-ons include numbers, typographic characters, past rulers of Sweden — anything to confound hackers. Forced to hold a cavalcade of unfamiliar passwords in their heads, employees tend to forget their sign-ons. According to Jonathan Penn, a principal analyst (Identity & Security) at IT consultancy Forrester Research, the average worker now makes four calls a year to a company help desk for password resets.
This gets expensive. A recent survey found that a single request for password help costs employers anywhere from $8 to $15. That means a company with 20,000 workers can end up shelling out almost $1 million each year helping users log on. Says Richard Weigand, IT program manager at the United States Postal Service (USPS): "It's clearly a universal problem."
What's My Line?
He should know. A few years back, managing employee passwords had become a real headache for USPS. Weigand says some of the federal agency's 150,000 users had nearly a dozen sign-ons. The situation had gotten so bad, in fact, that the help desk was receiving up to 30,000 password-related calls a month. "It was expensive for us," acknowledges Weigand. "And our user community was unhappy."
After examining the situation, USPS turned to single-sign-on software to solve the problem. Such programs, marketed by vendors like Unisys, CA, Novell, RSA, and Passlogix, enable employees to maintain one password for access to all approved applications, regardless of platform. Weigand says USPS was able to deploy the software (v-Go from Passlogix) without having to modify any existing code. As a backup, the agency also built a Web-based self-help system where users can reset passwords.
The result? The internal help desk at USPS now fields 5,000 to 7,000 password-related calls each month — a decrease of nearly 80 percent. More impressive: the agency has recorded this dramatic dropoff despite a doubling of its user population. Although Weigand won't give exact figures, he says the sign-on software and self-help system have saved the agency millions of dollars.
Small businesses can benefit from sign-on software, too. At Dionco Inc., a retail-consultancy in Chicago, president James Dion says he was tired of having to fill out virtual forms and remember passwords. It's understandable; Dion, who does a lot of online purchasing, carries 600 user names and sign-ons. "This is one of the biggest headaches for anyone who visits lots of sites that require password information."
To ease the pain, Dion purchased a Web-based program called RoboForm (from Siber Systems). The application automatically fills out blank entry lines and protects IDs and passwords. To get into a site, a user can either enter the specific password for that home page or enter a master password from RoboForm. The software then types the login. The program also automatically fills in Web forms. Equally important: RoboForm does all this without using keystrokes, thus frustrating key loggers.
Expect to see more companies signing up for single-sign-on software. There's certainly no shortage of applications to choose from. And Microsoft will flex some muscle when it launches Windows Live ID next year. The authentication software — essentially a revamped version of the much-maligned Passport program — will be part of the Windows Live suite of Web services. "Passwords aren't going to go away," says Forrester's Penn. "But once we hide everything from [users] and automate their use in applications, IT will gain a great deal of control over password management."
Esther Shein covers business technology from Framingham, Massachusetts.