AT&T Tech Support 360
February 6, 2007 11:41 AM PST
Microsoft: Still more to do on security
- Related Stories
-
Vista for the masses
April 4, 2007 -
Will Vista stall Net traffic?
September 6, 2006 -
Ending Microsoft's identity crisis
February 16, 2006 -
Gates: End to passwords in sight
February 14, 2006 -
Gates predicts death of the password
February 25, 2004
Only last week, Microsoft released Windows Vista and Office 2007, promoted as the most secure versions of the operating system and productivity products yet. And it has been nearly five years since company chairman Bill Gates sent out his "Trustworthy Computing" memo, which said the software maker was turning its focus to security. But that doesn't mean Microsoft products are now watertight, said Craig Mundie, chief research and strategy officer at the company.
"This won't make (the products) perfect," Mundie said in a joint keynote speech with Gates at the RSA Conference here. "The challenges we face in building our products, and the challenges everybody faces in administering and using them, is that humans are humans and they make mistakes."
As more devices connect to the Internet, and as people demand access to data from anywhere, the security job will only get bigger and more complex. "This challenge is going to get a lot tougher," Mundie said.
Not all the pieces are in place yet for people to be able to freely and securely tap into online data while on the move, he said. But solutions to the challenges are beginning to emerge, both on the side of Internet infrastructure--in servers, routers and switches, for instance--and in individual devices.
"We will build this model of seamless, easy access across all these devices. But we're not really there yet. We're on the path to this future world," Mundie told the audience at the security conference.
Microsoft is pitching IP version 6, the next generation of the Internet Protocol, and IPSec, a suite of protocols for securing IP communications, as part of the solution. Windows Vista has IPv6 built in, as does the upcoming Windows Server Longhorn release, which also supports IPSec.
IPv6 is designed to support a broader range of IP addresses, as the IP version 4 addresses currently in use are becoming scarce. The new protocol will not only let more devices connect, it will also allow the use of fine-tuned security controls, since each device will have its own address, Mundie said. He said that features in Windows XP and Vista will help people move to IPv6.
Video: What's next in Windows security?
Top exec Ben Fathi on Microsoft's next development moves.
"There really isn't a challenge, in our view, in moving to the IPv6 infrastructure," Mundie said. "You don't have to contemplate some gargantuan infrastructure change."
Securing the actual data is another important piece in the puzzle, Gates added. He pitched BitLocker, a disk drive encryption feature in the higher-end version of Vista, as a way to lock down the data on a PC.
In addition, for businesses, rights management systems can help control the flow of confidential data, he said. For example, companies can use such rights settings to limit who can forward or open certain e-mail messages, reducing the risk of data loss, Gates said.
Then came a familiar message from Microsoft: eliminate the weakest link in the computer security chain by getting rid of passwords. Gates told the RSA crowd that he now has the right weapons to supplant the password as a means of verifying who is who on computers and over the Internet.
"Passwords are not only weak; passwords have the huge problem that if you get more and more of them, the worse it is," Gates said.
In Vista, Microsoft introduced Windows CardSpace for consumers to use instead of passwords. CardSpace is an application designed to represent an individual's wallet, holding different cards to use for identification in online transactions.
"That is one of the things that is in the Vista system," Mundie said. "I think people are going to have to acclimate to it."
For authentication in businesses, the software maker is promoting products such as its Identity Lifecycle Manager 2007, set for release in May. "We think this is the milestone where enterprises should start the migration from passwords to smart cards," Gates said.
See more CNET content tagged:
Craig Mundie,
IPv6,
RSA Security Inc.,
IPSec,
Bill Gates
"5 years of Trustworthy Computing doesn't mean Microsoft products are watertight" - yeah, I think the MS Office Parade of Zero Day exploits that's been ongoing for weeks and unpatched to date gave us a hint of that.
"But we're not really there yet in building a model of seamless, easy access across many devices. We're on the path to this future world." - How many injections of hard drugs does it take Mundie to spew this crap with a straight face?
"BitLocker", "rights management systems", "CardSpace" - aye carumba. Gates and Mundie just keep taking drags on that crack pipe without let up.
Too much BS to swallow, this article is choking me before this Microsoft user can get to the end.
I'm waiting on the typical "my os is secure" comment to be applied here. No, your os is NOT secure. Brand A may not have the same exploits as Brand B, but the converse is true. As long as there is a determined 'hacker' out there, there will be exploits.
fanboy-ishly.
BitLocker sounds a lot like Mac OS X's FileVault. What are the
differences?
Same with Card Space. This sounds an awful lot like a Mac OS X
Keychain. Are there differences?
spoke of his "Trusted Components Initiative"
http://www.trusted-components.org/
Meyer has also been influential in .net:
http://www.amazon.com/Bertrand-Meyers-NET-Training-Course/
dp/0130331155