McNealy to tech firms: Clean up your security act

SAN JOSE, Calif.--The digital divide won't get any smaller until technology companies clean up their security act, according to Sun Microsystems CEO Scott McNealy.

Not surprisingly, he offered up a remedy that involved some of Sun's pet initiatives.

Sun, which primarily sells servers that power the Internet, is aiming to arm the globe with computers that, in part, reduce the digital divide that separates roughly three out of four people in the world from accessing the Internet.

But McNealy cited security issues as a potential wrench in such efforts.

Scott McNealy,
Sun CEO

"It's not going to happen if we don't solve the security and access issues," he said Tuesday during a keynote speech at the RSA Conference 2006 here.

And for McNealy, the answer lies in open architecture and the sharing of code to address security issues.

He pointed to Sun's open architecture efforts, from Java to its open source Solaris 10 to its founding membership with Liberty Alliance, a federation standards group.

The primary causes of security problems are a hodgepodge of technology in data centers and virtually little differentiation among desktop computers, he noted. He said some companies, for instance, have technology from 150 different vendors stitched together in their data centers, which means security problems become compounded because each vendor issues a multitude of patches a year.

"And they wonder why they have a security problem," McNealy said.

On the client side of the equation, the problem is reversed, he added.

"There's not enough diverse DNA, so one virus can wipe out a lot of computers," McNealy said. "The reason we don't have enough diverse DNA is because we have a monopoly...with a partner that shall go unnamed."

Sun has long sung the praises of the thin client concept, with its Sun Ray line, as a replacement for the desktop.

But customers facing an expensive exit from their existing systems may be loath to adapt such technology. However, McNealy noted that such a cost can easily dwarf the expense of buying the original technology and related support costs.

McNealy's address comes as Sun steps deeper into security, and as customers are increasingly looking for ways to shore up their systems to conduct secure financial transactions.

Earlier this week, Sun announced two security initiatives, one a form of encryption for its next-generation Sun Java System Web Server. The other revises the way it delivers security features for Solaris.

The company introduced Sun Java System Web Server 7.0 with support for Elliptic Curve Cryptography, or ECC. Because ECC uses smaller public keys to unlock encrypted content, Sun said, the technology can speed computations for secure online transactions and requires less power.

Sun also debuted its Solaris Trusted Extensions, which are designed to replace some of the security technologies it offered to banks, government agencies and other organizations before it discontinued its practice of offering a second, secure version of Solaris called Trusted Solaris.

And in November, the hardware maker announced a partnership to offer Sun Secure Mail. The company, along with communications network provider Lucent Technologies and encryption software vendor Echoworx, partnered to offer Internet service providers a hosted e-mail encryption service. Sun Secure Mail is designed to give ISPs the ability to encrypt e-mail at the desktop, rather than change e-mail applications.

In the summer, Sun also expanded its identity management software offerings with two federated ID products. The federated products are designed to allow companies to identify and authenticate users, allowing them to securely exchange user credentials with two or more partners.

[Mr. Dee]

I sense Jealousy

McNealy is just jealous because his company does not have 95 percent of desktop OS penetration and over 60 percent server penetration like that other company he won't name. And the hypocrisy of saying diversity is needed on the desktop, but not on the server. He really needs to practice what he preaches. By the way, Microsoft released Windows Defender today, with that and Service Pack 2, where is the excuse in Open Source and Linux?

[solarflair]

Nixer's don't want 95% penetration of the computer market.

Windoze Pretender and Service Quack 2 released today--I'm impressed! This crap is not required on a nix system like Unix or GNU/Linux. Thats why apt-get, Yum and many other update systems for Linux are superior at keeping the latest patches available for installation.

The average time for a patch with GNU/Linux is 21 days, as compared to microslof which can average between 90 to 125 plus-days to even issue any patch. If microslof windoze ever even admits they have a problem, which is rare indeed.

Man, that was fast, 2 months to get the patches out for point and clickers on the WMF flaw which covers all versions of windoze.
By the way, the server market share penetration is NOT even close to the percent you stated. Most servers run apache (httpd) and that penetration is closer to 75-85 percent world-wide. It is true that the desktop deployment is only approx. 3 percent.

McNealy talks of diversity, meaning those windoze boxes will become zombie-bots launching worms and spreading e-mail viruses from one machine to another via the Internet and Intranet. The Outlaw e-mail program (Outlook) is a vaccum, sucking poor folks time, energy and money away trying to use their computers in a productive manner. Doing real work is a joke while using any form of windoze. You spend most of your time trying to fix a system that is closed and the source code is under lock and key. The system registry in windoze is garbage, easy to hack and or delete important keys which will crash the entire system.

Cheers, come and find out what freedom is--its never to late to learn something new, join the proud and the few.

But all bashing aside, I think windoze is trying to clean up its act. They have impressed me with the beta version of IE7. And if they keep the browser isolated for the kernel calls they can prevent many of the security issues of prior versions of windoze.

"As for being a Nixer", I don't have any excuse...

[Bill Dautrive]

Yeah right

Jealous of the most iunsecure OS and server on the market, i would be jealous also.

Who else but Microcrap would charge people to offer half-assed protection that is caused by their incompetance?

[markdoiron]

What a Hypyctite!

Is this the same Scott McNealy that a couple years back told everyone to "get over it, you don't have privacy on the Internet!"? And now we're supposed to trust him on security? Give me a break!

mark d.

[tenbosch]

Big Tough McWeenie

Scott's got a lot of nerve. He stands on the stage, telling his own customers that they have a hodge-podge of stuff in their data center. Similar to Apple, Sun is one of the most non-conforming vendors on this planet. The've invented their own microprocessor, their own programming language, their own thin-desktop design!!! If there's a hodge-podge, it's because vendors like Sun don't want to play well with the others. Like a previous poster said, what a true hypocrite. All being said, they are not alone, but he should be more cogniscent of the fact that his very own company partially owns responsiblity.

[wbenton]

Digital Divide - What is it really?

I believe the digital divide is between High-tech companies and low-tech companies.

Those unable to clean up their security act should be classified as low-tech.

That said, he is right on the mark about security. We are only as strong as our weakest link.

Thus when having 150 different manufacturer's products on a network... the entire network is succeptible to the weakest link product by low-tech companies.

Walt