News

Editor's note: Vayusphere is an authorized ISV of Microsoft Messenger Connect for Enterprises, and Vayusphere's customers will continue to have uninterrupted access to the MSN Messenger network. Copied below is a Press Pass dialogue with Blake Irving, corporate vice president of MSN at Microsoft.

Q&A: Microsoft Discusses the .NET Messenger Service Security Update

August 18, 2003 -- In keeping with its commitment to provide customers ever-improving security and privacy protection, Microsoft is requiring customers using older software to upgrade to their Microsoft .NET Messenger Service client software.

To find out exactly what this means for customers of Microsoft’s popular instant messaging service, PressPass talked to Blake Irving, corporate vice president of MSN at Microsoft.

PressPass: In a nutshell, what action is Microsoft taking and why?
Irving: We are updating the Microsoft .NET Messenger Service by requiring that only updated clients access the Service, which will help ensure that our customers have the latest security and privacy protections.

PressPass: Why is this update necessary? Is it due to a security issue?
Irving: The update will ensure that all of our customers are using the most robust security implementation available and fuller privacy protections. With certain older versions of the .NET Messenger Service software, there is a potential security vulnerability that could impact customers. No customers have been impacted to date, but we are requiring this update to help protect against that possibility.

PressPass: How does this security update affect Messenger users?
Irving: The upgrade will help ensure that all software accessing the service is using the most robust security implementation available. The security of our customers is our top priority and we’re making every effort to ensure that all of our customers are using the most secure .NET Messenger Service client available. We are actively notifying authorized .NET Messenger Service users of this requirement, but if any customer hasn’t been prompted to upgrade, or hasn’t downloaded the updated software, they can find more information about various upgrade options at http://messenger.msn.com/Help/Upgrades.aspx.

PressPass: What’s the timetable for this update?
Irving: We began communicating to customers on August 18th. The vast majority of our customers can download their update today. Beginning September 18th, customers will be required to download an upgraded version of the .NET Messenger Service client before they can log in. On October 15, 2003, customers who haven’t updated their client won’t be able to log on to the .NET Messenger Service.

PressPass: Do all of your customers need to download this update?
Irving: No. Customers who already have the following versions of the .NET Messenger service clients will not be required to update their client because it already contains the security enhancements. Customers using any of these clients won’t need to take any action:

  • MSN Messenger v.5.0 and greater
  • Windows Messenger v.4.7.2009 and greater
  • Windows Messenger clients solely accessing a corporate Exchange instant messaging environment
  • MSN Messenger for Mac OS X v.3.5 and greater

Customers can find out which version they’re using by selecting the Help menu in their .NET Messenger Service client, then clicking “About.” Customers can find out more information on the .NET Messenger Service clients that do need to be updated at the Web site I mentioned before, http://messenger.msn.com/Help/Upgrades.aspx.

PressPass: Will .NET Messenger Service users experience any lapses in service as a result of the security upgrade?
Irving: Most of our authorized users won’t need to install an update, and for those that need to install an update, the download will be quite fast. Unfortunately, in certain limited instances, some customers may experience a brief interruption of service while we are implementing the security update for their particular client software. In addition, a very small percentage of currently authorized users won’t have an upgrade option available to them, and those users will no longer be able to access the service. These customers include MSN Companion customers and customers using some versions of Mac OS 8, Mac OS 9 or earlier. Platform-specific information is posted at http://messenger.msn.com/Help/Upgrades.aspx.

PressPass: Requiring an upgrade seems fairly dramatic. Has Microsoft ever done this before?
Irving: In the corporate environment, mandatory upgrades are not uncommon. Corporate IT managers know that they need to keep their systems up to date with the latest security measures available. And any user on a corporate network knows that, on occasion, the network manager will either directly upgrade software on users’ computers or require users to perform the upgrade. In the consumer space, we can only upgrade some features on consumers’ behalf, and when we’d like users to upgrade their software, we use various methods to promote the availability of the software. But this is the first time that, for the sake of all users’ security on the .NET Messenger Service network, we are requiring users of older software to perform an upgrade. In this instance, we feel it is important enough to assure that all customers have the same baseline security and privacy protections that we are going to the length of requiring an update.

PressPass: What effect will this update have on third-party instant messaging services that make use of the .NET Messenger Service and their customers?
Irving: We have been working with a number of internal groups and external partners to ensure the update is available to the vast majority of our customers. We have also notified several unauthorized instant messaging providers that their services will likely be impacted. Because of the need to help ensure a secure network for our consumers, unauthorized third-party instant messaging services that do not have an agreement with Microsoft to access and make use of the .NET Messenger Service’s infrastructure are unlikely to continue functioning once this security update is deployed. Any service provider interested in formalizing the interconnection between its service and the .NET Messenger Service should contact Microsoft at (http://messenger.msn.com/partners/certification).

PressPass: What is your current position on interoperability?
Irving: MSN remains committed to discussing interconnection options. Over the course of time, however, it has become clearer and clearer that interconnection arrangements between instant messaging providers will need to be established formally – by establishing a direct relationship between the interconnecting service providers and not in an ad hoc, unmanaged way. Again, anyone interested in discussing such a business relationship should contact Microsoft at the following link (http://messenger.msn.com/partners/certification).

PressPass: Why are you now enforcing this position via this update?
Irving: Our primary motivation for this update is to assure a uniform degree of privacy and security protection across the .NET Messenger Service. As we were planning the rollout of this upgrade, it became obvious that this also is the optimal time – if not the only time – for us to assure that those third-party service providers that want to continue to make use of the .NET Messenger Service’s infrastructure formalize their interconnection relationship with us. Going forward, these more routine business relationships will help us ensure the networks remain secure and that the commercial terms support the respective businesses.

PressPass: Why is interoperability so hard? Why can’t you guys just get along?
Irving: IM services continue to evolve technologically and as businesses. Most IM services are still built on different technology bases and protocols, and the business models that will support the services over the long term are still maturing, too. More often than not, it takes a long time to get interoperable networks on the same global scale of the current IM networks. For example, it took decades to get interoperability and interconnection of basic telephone service across different systems, and you still can’t take a mobile phone from one network and simply use it on any other mobile phone network. We believe that, with our focus on formalizing interconnection arrangements, we will make better progress towards long-term solutions than via the current ad hoc, unmanaged approach. But it is fair to say that we have come to this conclusion through our experience over the last several years; we have learned that interoperability will not occur overnight.

Copyright © 2000-2005 Vayusphere Inc. All rights reserved.