Not everything Microsoft spawns is golden, but here are a couple of valuable nuggets

Sometimes it seems as though everything leaving Microsoft is long on marketing and short on usefulness — or downright broken. And then other times, as you’re dodging detritus, little golden nuggets start to appear. Lately, those little nuggets have turned into a steady stream of their own. I bumped into two Microsoft positives in a single week.

First there’s the announcement that Redmond is issuing a bounty on malware writers. Microsoft reps announced last week, along with folks from the FBI, the U.S. Secret Service, and Interpol, a new initiative to fight cybercrime internationally. And our northwestern countrymen added more than just a rubber stamp of approval; they put down $5 million, earmarked for use as reward money. According to Microsoft’s general counsel, $250,000 will become immediately available for information leading to the creators of the Sobig virus or the MSBlast worm.

Yes, Bill Gates probably has cuff links that cost $5 million, but it’s still a substantial sum and it shows that someone in rainy old Washington is finally getting the right idea. It’s time Microsoft started getting more personally involved with its software security troubles, and five big ones is a good place to start. All it took was several years of security disasters and multiple class action lawsuits across several states. Now let’s see if the company will invest more money in better code quality and more rigorous security-oriented QA testing.

That’s golden nugget One. Number Two actually caught me a little by surprise. I had written off Windows Rights Management Services  (RMS) as another Big Bro technology effort by the bespectacled man behind the rainy curtain. But after looking at it more closely, it turns out this stuff has some real uses.

To be released as an add-on to Windows Server 2003, RMS is at the moment only fully supported in Office 2003, though Microsoft is releasing server and client-side SDKs in the same time frame. RMS is intended to be a simplified method for controlling file and e-mail access within an enterprise. Usually, you wind up paying consultants quite a bit of money to conduct lengthy fact-finding missions so we can determine who has access to what: “Accounting should see the entire Ledger directory. Charlie can only see the 2001 and 2002 sub-folders but Mr. Hinglebing gets access to everything.”

Even in medium-sized companies, meetings like that can go on for weeks. RMS can speed this process up by allowing users to determine who has access to specific documents. Now you can not only write a document and data fair-use policy, you can actually enforce it, too.

RMS allows the creator of a particular file to define who can read it, change it, and for how long these rights last. So, for example, a project manager can create a project budget and specify that only senior executives and the purchasing department have access to it. He could also specify that only senior executives have the right to copy or alter the data — and only until the final approval date deadline.

What’s attractive about RMS is that it accomplishes all this without causing brain tissue leakage on the part of your users. IT personnel can predefine access templates stored on the server, and users can access these to define usage groups and assign access rights to each. Considering that all this functionality shows up as simply a few menus or radio buttons, this is really a decent bang for your buck.

Later this year, we’re supposed to see an RMS add-on for Internet Explorer, which will allow users to read RMS-protected files within the browser and also support the RMS-enabling of Web content. Another golden nugget on the horizon.