Bill Gates opened this year’s RSA IT security conference
with a pledge to offer leadership to the IT industry on security.
The forthcoming Windows Vista OS will be strongly secure, he said.
“Security is the area that jumps out as the thing we have spent the
most time on.”
His company would, he said, share more of its expertise in
future. His address to the RSA conference in San Jose spoke of
Microsoft’s commitment to a ‘trust ecosystem’, to engineering for
security, to simplifying security, and to making platforms
secure.
Gates opened his keynote by wishing delegates Happy Valentine’s
Day, and mentioning an alternative offer he had declined: hunting
with the hapless Dick Cheney, who had accidentally shot a
78-year-old friend the previous day.
In the next but one keynote, Gates’ great rival Scott McNealy,
chair and CEO of Sun Microsystems, expressed his disappointment
that the Microsoft chief had failed to mention his own invitation
to go hunting.
In a knockabout speech, McNealy presented one of the nightmares
facing a newly appointed security system administrator: finding
yourself working in an all-Microsoft shop.
The Sun chief deplored the ‘Frankensteins’ of patched-together
datacentres, on the one hand, and the ‘Dolly the sheep’ environment
of the desktop, on the other. “There is just not enough genetic
diversity on the client side,” he said.
McNealy went on to rail against the “barriers to exit”
prevalent, in his view, in the enterprise IT environment, and
trumpeted his own company’s commitment to open source “from day
zero”. Sun is, he averred, organically committed to sharing, and is
dedicated to the cause of “ending the digital divide”.
He announced a new crypto accelerator product, to be released
later in 2006, and called Solaris 10 the “most secure operating
system in the world”.
Meanwhile, Microsoft’s chairman and chief software architect
stressed recent successes in the war against spam, and urged his
audience to drive wider deployment of SenderID. And he highlighted
the addition of computational proof to emails in new versions of
Outlook as an anti-spam move.
But the main Microsoft demonstration at RSA betokened a war on
passwords. Microsoft is working with others, such as VeriSign, to
establish a metasystem around digital identities. With that in
mind, the company will roll out a smartcard system, dubbed
InfoCard.
Gates said InfoCard will support Internet Explorer 7 on Windows
Vista, due out later this year, as well as Windows XP Service Pack
2 and Windows Server 2003 Service Pack 1 and R2.
He also demonstrated the information bar in Internet Explorer 7
turning either red or green as warning or assurance. This feature
has been co-developed with VeriSign, whose chair and CEO, Stratton
Sclavos, showed off the same functionality on day two of the
show.
Cisco’s CEO John Chambers opened the second day of RSA 2006 with
a double assertion that IT has come back as a number one change
driver in global business, and that security is central to that. He
beat the drum for the necessity of partnering and integration,
pointing to the 65-plus members of Cisco’s Network Admission
Control programme, and the 15 security acquisitions the company has
executed in the last year. “We have to partner,” he said, “we have
to go beyond the typical Silicon Valley mindset of doing it all
yourself”.
RSA president and CEO Art Coviello spelled out, in his keynote
speech, the context driving all this talk of sharing and partnering
- the rise of revenue-driven cyber criminality, focused, above all,
on identity theft. “We need to go on the offensive” against
increasingly sophisticated and well organised online criminals, he
urged.
Lest this rhetoric sound a bit overheated, ISS’s chief
technology officer Chris Rouland described the growing threat from
revenue-driven cyber criminals as a cold reality, and not one to be
dismissed as over-hyped.
“2005 saw the sunset of the self-propagating, self-navigating
internet worm. That was replaced by revenue-generating malicious
code”, he said. “For-profit hacking to the mass market saw its real
debut in 2005”.
Rouland described how the company’s X-Force research team, and
collaboration with law enforcement, has discovered that “hackers
are beginning to evade intrusion prevention systems, and are
investing heavily in doing that because they have become
mainstream.
“Our enterprise customers are very concerned that hacking and
malicious code writing have moved into a for-profit mode. In 1998
the top concern was ‘my web page will be defaced’. The top concern
now is ‘my intellectual property will be stolen and sold’.
“So, it’s more about data protection, with less concern about
the Windows bug of yesterday. And they are also concerned about web
application security and global device security”.
But the cyber-crime wave is the real deal, he said. “Take the
top spam guy in Russia who was assassinated - was that someone
tired of getting spam? Or was it because the spammer did not pay
his botnet bill? My money’s on the latter.”
Finally, “In 2006, bot armies will replace the worm,” he
said.