The drive for better security has to start somewhere, and it has Bill Gates says security has become a vital issue for Microsoft as it prepares its next release of Windows. The Microsoft chairman, speaking in Las Vegas at the opening of Comdex, said that security is being designed into Longhorn, the code name for the next desktop version of Windows.Gates also said that Microsoft is finding ways to provide tools Microsoft server software users to fight spam and viruses. The company’s CEO, Steve Ballmer, speaking in Tokyo at about the same time, echoed those words.It’s a refrain I’ve heard a lot from Microsoft recently. Nearly a year ago, I spent time meeting with the new security staffers from Redmond. Since then I’ve heard much about added efforts to tighten up the security in Windows and other Microsoft products. The results are starting to show. My initial experiences with Windows 2003 Server were frustrating because the OS is locked down. You have to specifically enable the services you want to use, making the rest of the software unavailable to viruses and worms. Of course, I’d been cruising along, certain that my long experience with Windows would see me through whatever I wanted to accomplish.I was wrong. I had no clue how to administer this new version of Windows thanks to its security measures. As a result, one review I was working on had to revert to Windows 2000.And this is a good thing — it’s not Microsoft’s fault that I was too lazy to learn the details of Windows 2003 Server before trying to use it. Like most of you, I’d gotten used to Microsoft Windows being totally open; everything was turned on. The company had now simply done what we column writers had been demanding: Make a very secure configuration the default setting. I eventually solved the problem by finding copies of Mark Minasi’s excellent Mastering Windows 2003 Server, and, of course, Windows 2003 Server for Dummies, by Ed Tittle and James Michael Stewart. (A short disclosure here: That last book was published by Wiley, the publisher of my most recent book Politics on the Nets, which you should buy immediately, preferably in large quantities.)Sound familiar? Unless you’ve been frequently sending your network administrators to training, you’re probably running into the same problem: As new servers are put into operation, you’re finding out that things you expected to work don’t.Welcome to Admin ’03. This is what the world should be like, but hasn’t been until now. It means that you will have less to worry about securitywise, but you will have to spend money on training beyond the usual level. It also means that you have more of a fighting chance against the barbarians on the Net. While the new approach won’t solve the problems with buffer overflows and similar exploits, it will solve other problems caused by simple laziness. This is not to suggest that pronouncements by Gates, Ballmer, or others will solve your security problems in their own right; it’s that Microsoft finally seems to be adopting the actions that go with those words. That’s good news for you and your enterprise. Just don’t let your staff undo those good moves by trying to administer your servers without knowing what they’re doing. At the very least, buy them a couple of books. Security