Microsoft

Microsoft Easily Tops Reduced Forecasts
On Strong Demand for Corporate Software

By REBECCA BUCKMAN
Staff Reporter of THE WALL STREET JOURNAL

Microsoft Corp. easily topped reduced expectations for fiscal
third-quarter profit and revenue, riding robust demand for corporate
software that contrasted sharply with the woes of some other technology
suppliers.

The Redmond, Wash., company said sales rose 14% over the year-earlier
period as it aggressively sold its new Windows 2000 products and
squeezed more growth out of its workhorse Office suite. But Microsoft
said it remained somewhat guarded about near-term earnings growth,
still
struggling with slumping demand for personal computers. The company
predicted fiscal fourth-quarter per-share earnings -- including a
one-cent acquisition charge -- of a penny or so below current consensus
expectations, though it said fiscal 2002 revenue would fall at the high
end of some analysts' expectations.

For the fiscal third period ended March 31, Microsoft said net income
rose slightly to $2.45 billion, or 44 cents a diluted share, from $2.39
billion, or 43 cents a share, last year. Analysts had been expecting
earnings of 42 cents a share. Revenue rose to $6.46 billion from $5.66
billion, and was about $300 million ahead of Wall Street's consensus.

The upside "is obviously very encouraging," particularly in light of
the
recent blowups at other technology companies, said Rick Sherlund, an
analyst with Goldman Sachs & Co. Though Microsoft's growth rates remain
below historical highs, leaving its stock richly valued, investors will
likely bid the stock up "because it's big, it's liquid and it's
probably
not going to have a train wreck," Mr. Sherlund said. Several new
products, including new versions of Windows and Office, are also on the
horizon.

Indeed, in after-hours trading, Microsoft's shares advanced 6.3% to
$72.35. As of 4 p.m. Thursday, before the announcement, the stock was
up
$2.61 at $68.04 on the Nasdaq Stock Market.

Microsoft's revenue growth was substantially greater than that posted
by
rival Sun Microsystems Inc., which surprised analysts Thursday with
news
that sales in its just-ended quarter rose only 2.2% from the previous
year.

Sun and Microsoft compete head to head in the market for selling
high-end "server" software to big corporations. So Microsoft's recent
gains could show that Windows 2000 is "gaining momentum when Sun is
not," at least among midsize companies, said Melissa Eisenstat, who
follows Microsoft for CIBC World Markets in New York. But the results
could also indicate that Microsoft simply didn't sell as many products
to now-defunct Internet companies and troubled telecommunications
firms,
trends that likely hurt Sun. "That is a real factor," said David
Readerman, an analyst with Thomas Weisel Partners Inc. in San
Francisco.

Still, Mr. Readerman called Microsoft's performance, particularly
growth
in corporate software sales in a very tough market, "stunning." Mr.
Sherlund of Goldman Sachs admitted to being "a little embarrassed" at
cutting his Microsoft estimates three times in March, when it turns out
he shouldn't have.

Microsoft Chief Financial Officer John Connors, however, acknowledged
that Microsoft's revenue remained below what the company had
anticipated
at the beginning of its fiscal year last July. At that time, estimates
for fiscal third-quarter revenue were higher: SG Cowen & Co. analyst
Drew Brosseau expected the company to report revenue of $6.8 billion.
Since then, corporations and consumers worried about the wider economic
climate have bought fewer computers, decreasing demand for software.

But Microsoft managed to do well in the just-ended quarter, partly by
capitalizing on the continuing revenue from long-term "enterprise"
agreements with companies, Ms. Eisenstat said. And Mr. Brosseau
believes
Microsoft's businesses might have been spared some problems because,
unlike competitors such as Oracle Corp., it isn't as dependent on
closing a few, big deals to make its quarterly revenue targets.
Microsoft "is in essence selling lots of little products to the end
user," whether it is a company or an individual consumer, he said.

But Mr. Brosseau noted that Microsoft is still predicting roughly flat
revenue growth for its next quarter, ending in June. Microsoft expects
to earn 41 cents to 42 cents in that period, including a one-penny
charge for its purchase of the former Great Plains Software Inc. That
compares with analysts' 43-cent-a-share consensus, according to Thomson
Financial/First Call. But revenue for fiscal 2002 -- the first time
Microsoft has released such estimates -- was projected at $28 billion
to
$29 billion, at the high end of analysts' estimates.

Microsoft said third-quarter sales of "enterprise" software and
services
for big businesses grew a hefty 22%. Even the Office suite did well,
growing by 7%. That was even more surprising considering the imminent
launch of the next version of Office, dubbed Office XP, next month.
Tra***ionally, Office sales lag right before a new product release, as
consumers and companies wait for the newest product.

Microsoft pulled in $460 million in revenue from its consumer services
in the quarter, including its MSN Internet-access service, which now
boasts five million subscribers, the company said. Revenue was up 22%
over last year, despite the wider slowdown in Web advertising that is
hurting many Internet-content companies.

The company also disclosed that its cash and short-term investments
swelled to about $30 billion in the just-ended quarter, up from about
$27 billion in the quarter ended Dec. 31.



ANGELIQUE

Được sửa chữa bởi - despi on 22/12/2001 07:20

Gates told at the RSA Conference 2005 - San Francisco, California that Microsft will try their best to fix all securities issues.
Here what he said:
Well, moving on to broader security problems, there''''''''s no doubt that every year that goes by the world is more and more connected, the need for the Internet to work reliably and all the systems on it to be able to trust the information that''''''''s out there, it''''''''s greater all the time. And most of the talks I give are really focused on the great improvements there and how that will improve efficiency, how it will streamline commerce, how e-government is a fundamental improvement in the way citizens relate to the various departments -- fantastic advances. And the hardware industry is delivering its improvements. With new versions of Windows and Office, we''''''''re enabling new things and it''''''''s quite fantastic; bringing together the world of telephony, the world of video, the world of data -- very rich new scenarios going ahead at full speed.
And there''''''''s really only one thing that could stand in the way of realizing the full potential of that digital infrastructure, and that''''''''s the topic we''''''''re totally focused on here at this conference. Broadly, we think about these as the concerns around Trustworthy Computing. That''''''''s a very broad term for us, everything from privacy, keeping documents confidential, code attacks, social engineering, the broad range of things that we need to make sure are kept to a minimum and don''''''''t hold us back.
And so that is the top priority for Microsoft, the top priority in terms of our R&D, the top priority in terms of our communications with customers and helping them get the right configuration. And I can see that that will remain our top priority, because it''''''''s the one thing we need to make sure we get absolutely right to unlock all of those other exciting things.
Now, in terms of delivering on more secure systems, I think there are three general things that we do. The first is advancing the technology. We spend over US$6 billion a year on research and development. I''''''''d say that over a third of that is directly security-focused, and the other two-thirds all tie in and relate to that security work, all the new code being reviewed and going through the threat model, a pretty dramatic thing there. So, big advances on the technology front, and I''''''''ll spend most of my time talking about the milestones there and the road ahead there.
We also provide guidance to customers, and we''''''''ve stepped that up a lot. I think a lot of the kudos for the improved dialogue over the last year has come from being a lot clearer about how to use the capabilities there as much as the new capabilities we''''''''ve put out. so prescriptive guidance. And finally, working as an industry, making sure this industry is leading with standards, and dialogue with government enforcement tools to make sure that this industry is connected in the way that we should be, to bring people who exploit vulnerabilities to justice.
So what are the technology fundamentals? Well, first and foremost, there''''''''s the idea of how you write the code, what we call engineering excellence. Certainly, over the years, the ability to have automatic checking tools and really understand the nature of mistakes that people make -- that''''''''s been improving, and we''''''''ve built a lot of very special tools internally that do checking, checking for particular patterns, buffer type checks, fact type checks and general proof of the relationship between modules.
We''''''''ve had to invent a lot of this technology in the face of the need to have this extremely reliable software. We''''''''ve had to invest in training. We''''''''ve had to create a whole lifecycle as we go through and do the design analysis and get check-offs from security experts as we go through that. We''''''''ve had to create a new type of tester that has the mind of a malicious attacker, and both on a white box and a black box basis is performing attacks where there might be a level of vulnerability.
A lot of these things, like the way we do the threat modeling, have come out books that are required reading internally, but also now available externally. And the final element of this is having a Security Response Center. 24 hours a day, experts monitor lots of information coming in from our monitoring tools, and our partners and making sure that the response and understanding is very, very rapid and that we''''''''re sharing very broadly with people.
We''''''''ve been able to standardize a great deal of this, the regular updates coming on a monthly basis, but also have a system that when it needs to do something on an immediate basis, does that exactly the way it should.
Now, we want to take what we''''''''ve done internally and also make sure that''''''''s available to developers. Gartner looked at security problems, and said that 75 percent of them occur at the applications level and so that''''''''s code written by our customers.
As we talk to developers, they have a real interest in this information; 64 percent of them rated writing secure code as a key new skill that they want to acquire, and they want tools to really be able to go in and au*** what they''''''''re doing.
And so many of these tools that were initially used internally are now part of the Visual Studio development environment. We''''''''ve put those out in beta, things like the FXCop, PREfast, gsSwitch, AppVerifier, a number of them and now with the release of Visual Studio those get incorporated in so you''''''''ve got a very simple user interface there.
We''''''''ve taken our MVP program, the developers we work with closely, and created targeted security activity there, and that''''''''s all on the MSDN Security Development Center. So we''''''''re creating a community for sharing best practices, getting feedback, making sure that the tools are very strong there.
So let''''''''s look at the elements of technology innovation. I think we can divide the challenge and the needs for advances into four different buckets that I''''''''ve got here. Getting software up to date; that is, using the ability of the Internet to fix problems and making sure that operates faster than the ability of the Internet to propagate problems, so updating has been a big focus.
Isolation: This is a very profound technique that exists at many levels; isolation within a machine so bad code can''''''''t do much, isolation within a network and isolation perimeter type work. So isolation is fundamental. The Internet connects everyone together, but we have to be able to look at those connections and make sure there''''''''s the appropriate connections, and isolation is a fundamental technique for making sure we don''''''''t have the spread of malicious code.
A third area that is getting more attention is authorization and access control. As we strengthen other elements of the system, the weak link often becomes the ability to guess at people''''''''s passwords because they use the same password in many places. So we have to strengthen this and strengthen the administrative tools around it so that you know all your resources have the appropriate access controls applied to them.
And then finally, something that has really been probably the fastest growing challenge is what''''''''s gone on in social engineering -- the mail that encourages you *****pply information; phishing, code that encourages you to download it because it seems benign and yet it''''''''s actually spying on your machine or doing something inappropriate to your machine. And these are cases where from a technical point of view there''''''''s no exploit or anything, they''''''''ve simply taken the privilege of the user and fooled them into running code that they don''''''''t want to run. And so, we need significant advances to make sure that that category doesn''''''''t keep expanding the way it did this year. So important investments in all four of these areas.
Let me now take them one by one and talk about where we are and the new things going on.
Updates. You''''''''re going to have systems that you can''''''''t isolate, things that are in your DMZ or mail server receiving SMTP or Web server receiving HTTP, and so those exposed machines have code paths that are trigged by these arbitrary connections and making sure that if there''''''''s a way to exploit that code, that the update comes in, comes in easily with very little overhead -- that is crucial.
I''''''''m sure you''''''''ve all noticed that the amount of time between when an exploit is discussed by security experts and somebody with bad intent actually packages that up and tries to use it -- that amount of time has compressed quite a bit. If you go back two or three years, it was measured in months. Now that timeframe is measured in a few weeks, or in a few cases even in a number of days.
So the idea of this updating infrastructure being simple, being automatic, being clear about what''''''''s being included, there''''''''s been a huge pressure on that.
Fortunately, we''''''''ve seen a great response to that. Customers have been putting in the infrastructure, spending the time on this. They''''''''ve had a lot of demands in terms of reducing the size of those fixes so they''''''''re minimal, reducing it so that when we update a module it''''''''s only the critical fixes that come along with that. A year ago we didn''''''''t have that methodology for all of our software, we call that reduction of encompassed fixes. Now we fork and only give the ones that are critical, rather than everything that happened to be in that area. It makes a big difference in size and a very big difference in terms of the kind of application compatibility challenges that people have.
We''''''''ve come up with a way to automatically test these things in a very broad way before we put them out inside Microsoft. Typically, we''''''''ll have over 10,000 desktops running these things and hundreds or thousands of servers before they even get into this update process.
The regularity, the better use of terminology here, a lot of process-type improvements that have made this go more smoothly, and we really have a great engagement with customers, particularly the enterprise customers using deployment tools like SMS, smaller customers who are getting the updates directly from us, so this has been a real improvement.
In updating, the actual infrastructure is being used very heavily. The Windows Update piece, we''''''''ve got about 150 million people who connect into that. We''''''''re certainly encouraging at the consumer level that number to become 100 percent of consumer machines.
We did have a different approach for different products, so you can see on this slide I show a different user interface for Office, Windows, Visual Studio. What we''''''''re announcing now is that we''''''''re bringing all of this together, so there''''''''s just one update center, one scanner, totally consistent across the different products and now there''''''''s a single database. And the way you access it if you''''''''re a consumer, it''''''''s Auto Update, or even a small business would probably go through Auto Update. As your business gets larger, then you would use the free Windows capability called Windows Update Service, where you get to have a little bit more control and it connects to many machines. If you want really deep and rich control, you connect up through SMS, our Software Management Server that does the very rich updating. And so, each class of user has an interface in the connection that''''''''s appropriate to them and it works across all of these different products.
We beta this new infrastructure starting in March to simplify things, and we''''''''re excited to get feedback on that.
This is also where we update our so-called Baseline Security Analyzer so that it connects exactly up into the database, and you always see consistent results in terms of how you scan things and do analysis; so a very good evolution based on the importance of updating and the feedback we''''''''ve had there.
Well, let''''''''s talk about isolation. I said the first element here is isolating the individual machines, and our big advance in this during the last year was the delivery of Windows XP Service Pack 2. That was a major piece of work for us and I have to say that has gone super, super well. The response to it, the level of update is phenomenal.
We''''''''ve got 170 million people who did the automatic download and more people who have taken the CDs and installed those very broadly, so that''''''''s a very significant amount of updating.
On a weekend, if you look out on the Internet and see the activities that are going on, you have about half the users connecting up to Web sites who are using SP 2, and so here where we''''''''re about less than five months after the release of this, that''''''''s a good number, But over the next year, we need to drive that number up to be almost all of those users and so getting the word out about that is important.
We''''''''re having so-called Security Days in many countries where we talk about best practices, including the strong message about SP 2.
For a corporation, our message about SP 2 is a nuanced message. If you have machines that are behind your firewall, the urgency of updating those is not as great as for the portable machines that are going out and often connecting up in a completely open way. Over time, we''''''''d like to see all those things updated because you want multiple layers of defense, but the key thing -- and we''''''''ve had a lot of good dialogue on this with customers -- is those portable machines.
We also have an update of the Windows Server. This is called Service Pack 1 and it went into beta last week. This includes a quarantine capability so that when somebody VPNs in, the ability to check their machine and only give them very limited access until those checks have taken place, that is built in. So it''''''''s a very rich capability there.
We also have our anti-spyware product that I''''''''ll talk about more that''''''''s very important to make sure that arbitrary code doesn''''''''t get on the machine, even if it''''''''s brought in by a use action, that can compromise the security base.
( to be continued )
Được nhatcuonggsm sửa chữa / chuyển vào 16:42 ngày 26/02/2005

Bill:
The response to all the particular enhancements to Internet Explorer have been very positive. We''re also going to dialogue about what more can we do, because browsing definitely is a point of vulnerability. Allowing people to have the richness and the extensibility, and yet be protected, that''s a challenge. You don''t want to lock things down so you can''t ever get to rich Web sites, and yet you still want to make sure this is not the path that security threats are coming in through.
We have a dialogue to make sure that we''re understanding exactly what people would like to have us do in Internet Explorer, and what we''ve decided to do is a new version of Internet Explorer, this is IE 7, and it adds a new level of security. We will be able to put this into beta by early in the summer. And, one thing to be clear on, this will be in the Internet Explorer that''s available to people using Windows XP SP 2. Of course, as well, we''ll include these capabilities in the next release of Windows scheduled for 2006, which is our "Longhorn" release. But we decided we''re going to have the new capabilities even available befor having the Windows license to the install base here. Some of the advances include things focused on fishing, where people use URLs that appear to come from another location, things related to malware. So, it will be another important advance here, and we''re excited we have the dialogue to make sure we''re putting exactly what customers want into this.
We''ve talked about isolation on the individual machines, what I call post-isolation. Now we''re going to talk about how we can make sure that a machine that is running well doesn''t get connected to and somehow affected in a negative way by another machine. So, there''s a wonderful technique that lets you do this, and bring other benefits as well. And that, in fact, is the IPsect capability. It makes sure that the traffic is encrypted, so there is no eavesdropping or modification that can take place, but it also makes absolutely sure through the use of certificates that the machine that you''re connected to is the machine that you want to be able to connect to.
So, what this does is, it drops away from the notion of a single parameter with the firewall and says, ''Let''s make sure the connections are only the ones that should be there.'' Microsoft is using this itself. We have over 200,000 different devices and machines, and we''ve gone and rolled out the connections so that there''s no connections that we haven''t authorized there. We''ve made this easier to set up with the Security Configuration Wizard that ships in the Windows Server 2003 Service Pack 1. And we believe that this idea of controlling connections in a very rich way is a key element in the security mix. In fact, in Visual Studio, we''re going to make it so that you can develop new applications by using rich Web services that, as you deploy those applications, we automatically understand what users can connect to those applications, what machines they use -- and so we can set up without any extra work the idea of the IPsect enablement that that application wants.
If you turn off an application or change who can use it, we can automatically connect down and reconfigure the IPsect policy accordingly. So eventually you''ll just think in terms of application deployment, even though this mechanism will be down there working at the IP level to control those connections. So a new technique that we think will have very broad use.
Finally there is the idea of the perimeter, and making sure that''s handled very well. In this, of course, people have multiple zones. They have the things that are outside the perimeter that are connecting to the Internet, and then they have the things inside this corporate network.
People want to be able to examine exactly the protocols coming in, so they can restrict at a very granular level what operations can be performed by things that are external. And being able to set up these trusted zones, understanding particular applications, like Web service applications, or mail with exchange, building those profiles in is something we''ve done a richer and richer job of.
Today we''re announcing that we released our ISA Server 2004 Enterprise E***ion to manufacturing. That''s a product where if you have a complex network, it''s very important because it lets you set the policies in one place across many, many different machines. And it understands profiles like branch offices. It understands network load balancing, and the things that are very typical there. This is another thing that we''ve been using ourselves to great benefit now. It''s much easier to set up, and much richer, because permanent isolation, although it''s not the only level, it is a key element of an overall security strategy.
Let''s talk about viruses, detecting and removing viruses. The e-mail vector continues to be the primary means of virus threat, 88 percent of virus incidents in corporations are coming through e-mail. And it''s our belief that we need to beef up and really improve the scanning capabilities there. In fact, it''s argued that having a single engine to do that scanning is really not sufficient. You really want to take the best ideas of many people writing these scanning engines, and get those working on your behalf. Yet, you want to catch the thing early. You don''t want to necessarily have it get into the store. You want to scan at the SMTP level as well as at the store level. Both of those are very important.
We''re looking at building sort of the ultimate mail virus protection. We looked at what we''re using internally at Microsoft, that was the Sybari product. We looked at what they''d done with the multiple engines, the different layers of scanning, and really specializing in infrastructure and drawing on others for the virus engines. And we saw that as a very exciting approach, really allowing us to be able to say to our Exchange customers, ''We''ve got a complete solution here, and we''re going to integrate it in with the administrative interface in a nice rich way.''
So they were the leading provider. We were able to reach an agreement to buy them. They''ve got over 10,000 customers. Of course, it''s not only for Exchange, but for SharePoint and Live Communication Server. Those are emerging more and more as key collaboration tools, to making sure right from the beginning we get the same infrastructure and the rich support in those is a very big deal. So this will become in time a Microsoft product, one that we think is very exciting.
In the area of AV (AntiVirus), we can also say that we''re on a path to deliver a product that includes AV capabilities broadly to consumers by the end of this year. So AV continues to be a very important element, both the e-mail part, and other ways of blocking.
Now, let me turn to authorization. As I noted earlier, if somebody knows your password, it doesn''t matter what other security precautions have been taken, they obviously have access to your information and the ability to install code. So that is a serious problem. Yet, the complexity of managing IDs is making it almost impossible for even a very responsible person to be changing their password, making it hard to guess, using different passwords on all the different systems. There'' a lot of overhead in this, not just for the user, but for the IT department.
Password resets are a fairly extensive thing, and often that, too, is a weak link, where you can spoof somebody into resetting somebody else''s password. A lot of corporations and government agencies are stepping up now and saying, ''Hey, we''ve got to have stronger authentication.'' Many of the banks, and other corporations, Microsoft''s remote access, we''re saying it''s time to have multiple factor identification, and particularly bringing in the smart cards. The key element of this for us is using Active Directory. Active Directory, there''s been a huge investment in that, because it''s a common platform for file protection, mail set up, and all the different security things you want to run on your computer networks. To be able to have that ID, that includes user certificates in that, is something we think is very, very important.
So with the Windows Server update, Windows Server SP 1, we''ve included the digital identity management capability. That allows you to easily roam these certificates across different machines. It makes it easy to have high reliability with adding servers in without administrative overhead. It''s a pretty big improvement for the people who have been doing this. But, perhaps most importantly now, we''re getting it to a level where the guidance can make it simple enough where this will be done very, very broadly.
Another element of this is what we call the Microsoft Identity Integration Server, that''s our meta-directory product. It makes it very easy to set up for all the different directories you have -- human resources, other applications that you have -- and really define what the common attributes should be and how those move around, which is the master and what the policies are against that.
It''s very, very flexible. It''s got connectors for all the different things in the backend. By using a product like this, the overhead of directory management and the quality of directory management can be improved dramatically. If somebody joins the organization as a consultant to the organization, changes roles, leaves the organization, you go to one place, and that information is propagated in the right way across of the different places that it should be.
Another big milestone for us will be an update of the Windows Server that comes next year called R2. This is where we have federated identity management, the ability for corporations to simply at the administrative level exchange certificates, so that for all of the things like SharePoint connections, or applications, you don''t have to issue a new account and a new password. You can simply use the chain of trust, and have the authentication that took place in that other corporate domain be checked, and have that apply in terms of what permissions you want to grant there.
Federation is a very, very important thing. The only way we''re going to get all of these trust connections to work well is to have federation. It can''t just be a point-to-point thing. So this Server R2 that''s going on, the standards work that we did around Web services will be an important milestone there, and let you work with outside organizations in a very secure way.
We also think that it''s very important to have data protection. When we think about this, we think about Office documents, we think about e-mail that you may want to control exactly where that goes. We started in this market a little over a year ago with our Rights Management Server first version. We have now coming out the Rights Management Server SP 1, and a number of improvements, adding some new scenarios so that you don''t have to connect back to the main server, so you can store the credentials locally. That lets you do lockbox scenarios. Also supporting the smart card, which as I said is something we expect over the next several years that will become almost commonsense for corporate authentication.
So making it easier to deploy for our government customers, it''s a nice evolution here of the idea of data protection that is of critical importance. Of course, you have a lot of data in databases and things, but you also have lots and lots of documents that have key information, and this extends by having the right hooks in Office and the right administrative tools, it gets security out to that document level.
So I''ve talked about a lot of these pieces and how they can be used in the enterprise. Again, I think seeing it in action, how you set these things up, seeing what the user scenario looks like is the best way to appreciate what we''re aiming for. So I''d like to ask Josue Fontanez (sp), who is a senior product manager in our security business unit, to come up and show us these products in action.