Six years into Microsoft's Trustworthy Computing initiative, Windows Server 2008 (aka Longhorn) reflects Redmond's "three D" promise to deliver products that are secure by design, secure by default and secure in deployment.

"There's no doubt about it; this is the first full Windows Server revision [under Trust- worthy Computing]," says Rand Morimoto, CEO and principal consultant for Oakland-based Convergent Computing, which has been piloting Windows Server 2008 internally and for customers. "When they came out with Windows Server 2003, it had already been half baked before Trustworthy Computing began. Windows Server 2008 is built from scratch--the server core has a lot of security built in."

The verdict on the inherent security of Server 2008's code will be rendered in the number and severity of vulnerabilities that come to light in the months and years following its release (manufacturing release is scheduled for Feb. 27). Microsoft trumpets security as the primary design consideration for Windows Server 2008, the product of its security development lifecycle process (SDL). It retrained its development staff on how to write secure code and created threat models, performing extensive security testing against each model. These efforts should go a long way toward reducing flaws that can be exploited; for example, you won't have to worry about things like buffer overflow attacks against your Windows Server 2008 systems.