Will hackers make a fool of Larry Ellison?

COMMENTARY-- One of the first things they teach you in the Journalists' School of Hard Knocks is to always leave yourself an out. Facts are facts but only to an extent. When it comes right down to it, few are always, provably true. And what seems like truth today may be reduced to "yesterday's confusion" as soon as tomorrow.

So, I am loath to say anything is absolutely positively anything if there's the slightest possibility I might be wrong. I know I can count on you, dear readers, to fact-check every word in every column and post a TalkBack if you think I'm off base. Your bark does bite.

Larry Ellison apparently hasn't learned this lesson. I understand this may be because his underlings have a tough time telling the great man he is hallucinating--just as he was when he was promoting a $500 Java-based "Net PC" as the antidote to all-Microsoft-all-the-time.

Well, he's back at it. He is taking on Microsoft yet again. Only this time he is doing it with the claim that his new e-mail server is "unbreakable," an iron-clad guarantee meant to take advantage of the many, many security holes that have made Microsoft's Exchange the Swiss cheese of servers.

Why Larry thinks his e-mail server will fare better that Microsoft's is an open question. Most people I know believe that anything is hackable and no company--Oracle included--could stand up to the barrage of attacks hackers aim at Microsoft servers every day.

Oracle isn't Microsoft--at least in the eyes of hackers. Microsoft is, well, Microsoft. And it has the largest installed base of e-mail servers on the planet. So perhaps Larry will enjoy a free ride, at least for now. But handing out stickers that read "Unbreakable" above an Oracle logo is like waving a red flag in front of a charging bull.

Of course, this is the same guy whose Comdex keynote last week was promoted with big signs promising "Larry Ellison Live," almost as if there was some question whether he'd appear in the flesh.

Succumbing yet again to his galloping Gates-envy, Larry is promising customers a more stable, more secure e-mail server than Microsoft offers. Ellison notes, however, that he isn't looking to compete with Microsoft's Outlook client software, which customers would still use. Instead, Ellison wants customers to move to a replacement server based on Oracle's database technology.

"We don't want people to migrate from Microsoft e-mail. We want people to throw out Microsoft Exchange for a server that works," Ellison said.

Oracle said the new software would allow corporations to use Oracle's 9i application server and database together as an e-mail server. Application-server software is technology that runs e-business and Web site transactions and sits in front of databases. Oracle executives said a single Oracle e-mail server could support 10,000 users, allowing companies to replace multiple Exchange servers with a single Oracle server.

Customers could use one Oracle database server--equipped with the application-server software--to store all of its e-mail. And that is the secret, according to Oracle, to making it more secure: Its technology can store a large number of messages in one database--as opposed to multiple copies of Exchange--and that makes it easier to contain viruses.

It would be easy for Microsoft to lock Oracle out of its Outlook client software, or at least severely limit the features of the Oracle solution. What's more, Oracle faces the issue of user management, which Microsoft has closely tied to the creation and maintenance of user's network accounts.

As the administrator of a small Exchange server, I'm not Larry's target customer. And I wouldn't be anyway, as I am pretty happy with how Exchange works for me. Further, just because Larry says his server is "unbreakable" doesn't make it so. And even if Oracle e-mail is truly secure today, that doesn't mean it will still be hacker-proof tomorrow.

Microsoft has never made any such claims, and with good reason. It's learned from the e-mail school of hard knocks. We've all lost count of how many times Redmond has been forced to race to build quick fixes and patches for one security bug or another.

If Larry gets his way, I suspect Oracle will end up doing the same thing. If enough bad guys want you, nothing is truly secure. And if bad-guy hackers take the bait, Larry Ellison's bravado could subject both Oracle and its customers to a quick, humiliating, and painful lesson.

Is Ellison's bravado opening up Oracle to attack? Does Oracle stand a chance against Microsoft in the e-mail server space? TalkBack to me!