Microsoft

Miller immediately shot an e-mail to Hotmail tech support, assuming that a representative could easily fix his “Passport,” the log-in template that stores personal information for users of Hotmail and other Microsoft services.

Yet Microsoft told Miller his account couldn’t be fixed. “I’m sorry to say this,” came the reply from Redmond, “but we cannot change a child’s account to a ‘Regular adult/full’ Passport account when you already gave consent to it.”

No reasons were offered, technical or policy-based. The e-mail merely encouraged Miller to keep going through the convoluted process of giving himself permission “by using another parent account.”

Miller, a software quality assurance expert, could hardly believe what he was reading. Microsoft’s inability to simply change the age, or even delete and re-create the account, seemed ridiculous. Though perhaps not quite life-threatening in importance, to Miller the incident bore a significance that extended beyond your average software nuisance. If Microsoft’s engineers couldn’t fix an apparently minor problem with Hotmail, how much confidence should Net users place in Microsoft’s much more ambitious plans — with its much ballyhooed .NET initiative and HailStorm — to absorb their online lives?

“These kinds of problems are indicative of slipshod design,” he says. “They certainly say something disturbing about the entire .NET initiative.”

Microsoft’s .NET plan, which some observers see as part of a comprehensive strategy to battle AOL Time Warner for mastery of the online universe, is built on the premise that users will allow the consolidation of their personal information on centralized Microsoft server computers. The payoff is supposed to be “seamless” access to a vast array of online services. But to critics, the consolidation of e-mail, instant messaging and other goodies in the hands of Microsoft — beyond, obviously, sounding antitrust alarms — would make everyone more dependent on Microsoft’s software infrastructure. And that infrastructure is already prone to virus attacks and other weaknesses that the rest of the Net has so far managed to evolve strong defenses against.

Microsoft representatives argue, in return, that Hotmail still works better than other Web-based e-mail services. Defenders of the company suggest that Hotmail’s growing pains offer valuable lessons for Microsoft that will actually help .NET succeed.

But Dave Miller’s Hotmail woes are hardly unique. In 1998, news traveled quickly around the Web of a method to steal Hotmail passwords; a year later, Microsoft paralyzed the service by forgetting to reregister the Passport.com domain name.

Meanwhile, outages have become commonplace, almost every-month occurrences — and not just for Hotmail. Microsoft’s Instant Messenger service — which also uses Passport — suffered a 10-day outage earlier this summer, and in late July, millions of users lost Hotmail access for several days after Hotmail’s Windows NT servers were infected by the Code Red virus — a problem that primarily affected Microsoft NT servers, and not computers running Linux-based or Unix operating systems or the Apache Web server program.

Microsoft’s goal of becoming a one-stop shop for the entire Net is no secret. But is such a place, to paraphrase the company’s own ubiquitous advertising slogan, really where we want to go today, let alone tomorrow?

Many of Hotmail’s problems can be blamed on sheer size. When Microsoft bought Hotmail in 1997 for $400 million, the service claimed it had about 9 million users. Over the past four years, that number has jumped to 110 million, according to Microsoft.

Scaling up is always a problem for Internet applications, but Web-based e-mail is especially hard to manage, says Lawrence Hughes, author of “Internet E-Mail: Protocols, Standards and Implementation.”

It’s “extremely difficult to get right,” Hughes says, because the service tends to be a bandwidth hog. Whereas desktop-based e-mail programs use only a few kilobytes to transfer mail, Web-based e-mail demands more, sometimes as much as a megabyte per user.

“This can drastically limit the scalability of the application, even on one-GB [gigabyte] servers,” Hughes says.

Maintaining complete locked-down control is also particularly hard for Web-based e-mail because log-in processing doesn’t take place on the PC, but rather on the server, so there’s more of an opportunity for malicious crackers to intercept the data. The widespread use of JavaScript pop-ups adds another window of vulnerability. Indeed, the folks who made it possible to steal Hotmail passwords took advantage of both problems: They created a pop-up that requested Hotmail log-ins and passwords, so when some unsuspecting user typed in the confidential information — thinking the page came from Microsoft — it was sent directly to the thieves.

The lack of Web browser standardization also causes problems: Designers can’t completely control the look and feel of a Web site in the way that the makers of Eudora, or Microsoft’s own Outlook, can control their user interfaces. Such quirks also make it easy to introduce bugs or glitches.

“It is unbelievably challenging to run and manage an online service of [Hotmail's] scope, regardless of who you are,” says Ray Ozzie, creator of Lotus Notes and the founder of Groove Networks, a peer-to-peer software company. “NASDAQ has had their share of highly visible problems recently, eBay and AOL have had their share over the years and so on.”

And instead of hurting Microsoft, Ozzie argues, Hotmail’s outages, security problems and minor troubles may actually improve the company’s chances of making .NET work. Solutions can be applied to more ambitious plans, “increas[ing] the probability that they’ll be able to manage the more strategically important services such as HailStorm when they indeed need to roll them out,” he says.

Ozzie, however, is hardly an objective pundit; although a nondisclosure agreement prevents him from revealing the details, he’s working with Microsoft’s Hailstorm team on yet-to-be-announced services.

And even if the Hotmail development process can be regarded as a training-wheels approach to .NET, that still may not be enough to ensure success, say critics.

“Is sitting in a wading pool good training for the Olympic high dive?” asks Miller. “You might learn some basics like, ‘Don’t breathe when your head is underwater,’ but you’re never going to pick up the technique until you buckle down and do it right.”

Ultimately, according to Miller and other critics, there’s only one way for Microsoft to make .NET a success — by radically changing the company’s corporate culture. It all starts with security.

.NET is more fragile than the average Microsoft initiative because every service will be attached to a centralized network rather than a stand-alone PC; a problem for one could be a problem for all. So in order to remove the risk of a complete meltdown — in order to obtain the steady reliability people have come to expect from desktop software systems — Microsoft needs to make security more of a priority.

It won’t be easy. Microsoft has continually “sacrificed security for default features,” says Roger Grimes, author of “Malicious Mobile Code: Virus Protection for Windows.” Outlook, for example, contains an auto-send feature that’s useful but is also regularly exploited to spread viruses. Windows NT’s basic default installation is also problematic, says Grimes, giving every connected user unfettered access — an open-door practice that drives security experts up the wall. (Other examples abound; Grimes says that Microsoft has chosen functionality over security in at least 19 cases.)

Microsoft maintains that both security and functionality goals are attainable. “Microsoft operates some of the largest Web services in the world, and we are very focused on making sure that customers can count on a secure, safe experience with those properties,” says Adam Sohn, product manager for the .NET platform strategy group. “HailStorm and .NET are built from the ground up with these tenets in mind, and were architected as Internet-native technologies with robust infrastructure for security, authentication and privacy.”

Sohn’s jargon mastery is impressive, but does not sway Microsoft’s more ardent gadflies. “The needs of a commercial software enterprise such as Microsoft” — the need to create new products that bring in revenue — “are fundamentally at odds with the growing need for software stability,” counters Steve Gibson, founder of Gibson Research Corporation, a security firm. Take, for example, Microsoft’s typical response to a security breach. The company posts a software fix or patch on its Web site, and expects users to download it and apply it themselves. Users bear the brunt of responsibility for ensuring their own safety. Does such a strategy mesh with the setting up of a system that will require users to trust Microsoft even more than they currently do?

“I have spoken with many system administrators whose voices are never heard,” says Gibson. “They lament that this ‘security model’ is bass-ackwards and that an unreasonable level of vigilance is being required of them.”

“The fact that Microsoft’s own Hotmail service — as well as one or more Windows Update servers before that — were unpatched [when Code Red hit] demonstrates the problem with the current approach,” Gibson says.

Microsoft should spend more time and effort plugging holes before a product is released, says Gibson. Or it could go one step further — and start embracing solutions that already work and are currently in favor with experienced Net users.

More than 50 percent of publicly accessible Web servers, for example, employ the Apache Web server program on top of Linux-based or Unix operating systems. Such software isn’t chosen simply because much of it is free or “open source” (meaning that the underlying software code is publicly available) — it’s also widely considered to be more stable. Stability, rather than revenue growth, is often the primary goal of the programmers who are constantly improving such software.

As a result, says Chris Coleman, open-source editor at O’Reilly & Associates, a computer books publisher, “There aren’t any worms for Apache. You just don’t see these kinds of [Code Red] problems.”

Hotmail actually started out with substantial open-source roots. When Microsoft bought the service, Hotmail made heavy use of portions of the FreeBSD operating system, along with Solaris, a proprietary Unix system developed by Sun Microsystems. Three years later, Microsoft moved Hotmail to servers running Windows. Executives argued that Microsoft software would do a better job, but if the company had kept the older software, Code Red would never have had a chance to take Hotmail down.

Few observers believe that there is any chance that Microsoft will base .NET on open-source software — in fact, many believe exactly the opposite, that .NET is in part a strategy designed to force the rest of the Net to wean itself away from free software. But in June the Wall Street Journal reported that Microsoft — despite previous claims — was still using open-source software for some Hotmail purposes.

Even if Microsoft did take some basic steps, tightening default security sessions and overcoming its reluctance to depend on software popular with the rest of the Net, there are still other concerns to be addressed.

Microsoft maintains that .NET is “fully redundant as well as geographically distributed to ensure availability” — in other words, it’s not supposed to crash. But the entire strategy is predicated on returning to exactly the kind of centralized system — with Microsoft and its products at the hub — that the Internet was supposed to supplant.

There are some obvious benefits to this approach. Having a “Passport” with your credit card information and address and other personal information may well make it easier to shop online. But it also sets up .NET as the ideal target for the seamier elements of the Net — marketers who want your personal data, and thieves eager for access to your credit card.

“Individuals and businesses really have to carefully assess the tradeoffs in relying upon a single point of vulnerability for things that matter to them,” says Ozzie of Groove Networks. “There are real tradeoffs — privacy, security, availability, cost — that we should all be thinking about with respect to placing data and applications at the ‘edge’ vs. the ‘center’ of the network. Neither is the ‘right’ answer for all situations.”

For .NET to work, argues longtime Hotmail user Dan Yurman, “all online providers of goods and services or content are going to have to address the issue of consumer confidence.” Microsoft’s own recent troubles, such as the 10-day outage of its Instant Messenger service this summer, “was not a confidence builder toward that goal,” he says.

Dave Miller, despite his criticisms, isn’t positive that the outages and glitches will damn .NET to failure. He says he believes Microsoft has actually done a decent job of keeping Hotmail afloat. It’s the little things that put him on edge: the idea that Microsoft is embarking on a major technological paradigm shift without knowing how to fix minor bugs. Maybe he just wants to be recognized as an adult when he signs onto Hotmail; maybe he just wants better customer service. But Miller’s anger has yet to subside. He figures it’s Microsoft that needs to grow up.

“When it comes to handling my personal information and money, I expect the handlers to have put some serious effort into planning for the contingencies,” Miller says. .NET still might work, he says, but “don’t expect it to be painless.”