http://software.itmanagersjournal.com/print.pl?sid=05/02/17/198257
IT Manager's Journal
Tracking the Evolution of IT
Title: Gates not his cocky self at RSA conference
Date: 2005.02.17 14:33
By: Roger Smith
Topic: Security
SAN FRANCISCO -- Hardcore open source security advocates might be tempted
to compare Bill Gates' opening keynote at the 14th annual RSA Security
conference at the Moscone Center to notorious poisoner Lucretia Borgia
being invited to address a convention of master chefs, given Microsoft
Windows' role in enabling a plethora of security concerns over the past few
decades.
Microsoft's chairman and chief software architect announced plans for an
updated Internet Explorer 7.0 browser and a slew of other initiatives to
bolster security in Microsoft products. Reacting to increased phishing,
spyware, and malicious software (commonly known as malware) being directed
against the IE browser, Gates said that Microsoft now plans to release a
new IE 7 with added levels of security in mid-2005 rather than include the
new browser in the next version of Windows, code-named Longhorn, due in
2006.
Gates promised that the new IE would add protection from Internet-enabled
social engineering scams like phishing, a prevalent type of online attack
in which spammers send e-mail messages to dupe recipients into visiting
fraudulent Web pages that look like legitimate e-commerce sites to steal
sensitive personal information such as passwords and credit card details.
Responding directly to a deluge over the past six months of spyware
(software that gathers and reports information about a computer user without
the user's knowledge or consent), Gates also told the 10,000-plus attendees
that Microsoft has decided not to charge for the next release of its
anti-spyware product, which it acquired when it bought anti-spyware
software maker Giant Company Software in December.
[Photo: Microsoft Chairman Bill Gates at the 2005 RSA Conference.]
The Microsoft founder reiterated his company's plans this year to buy
antivirus software maker Sybari Software and to add a Microsoft antivirus
engine to Sybari's server product that currently supports multiple
antivirus scanning engines. He also announced a new version of the
Windows Update Service, due in the first half of 2005, that will better
integrate the update process for Windows XP and 2000, Server 2003, Office
2003, and Exchange Server 2003.
Having personally seen the Microsoft chairman at last year's RSA
Conference announce plans to end spam within a year -- a goal he
acknowledged was not met in this year's keynote -- it was refreshing to see
a more humble Gates game to tackle less ambitious but equally relevant
security concerns in the Microsoft product line.
Symantec CEO John Thompson, who followed Gates on the RSA program, wasn't
quite as willing to let Microsoft off the hook for its security lapses,
saying that Microsoft's announced security initiatives were insufficient
for large enterprises and did not provide security for computer networks
that use different operating systems and technology platforms.
"Microsoft is perhaps genetically unable to do cross-platform," Thompson
added, to applause from the audience. Unlike Microsoft, Thompson said that
Symantec is a company that wasn't distracted by computer games and a lot
of other unrelated stuff. Thompson gave several strong arguments
justifying his company's recent merger with data backup company Veritas,
saying that Symantec and other security companies need to expand into areas
such as storage and systems management to better manage issues such as
system availability and network access. "We need to shift the game to
offense, and not just respond to threats," Thompson said.
[Photo: The cryptography session included Burt Kaliski, Whitfield Diffie, Paul
Kocher, Ron Rivest, and Adi Shamir.]
Cryptographers' panel time capsule
One of the most popular sessions, the Cryptographers' Panel, followed
Thompson's keynote. The panel, moderated by Burt Kaliski, vice president
of research at RSA Security and chief scientist of RSA Laboratories,
included the following panelists: Dr. Whitfield Diffie, Sun Microsystems;
Paul Kocher, Cryptography Research; Professor Ronald Rivest, MIT Laboratory
for Computer Science; and Professor Adi Shamir of the Weizmann Institute.
This year's panel took a time capsule approach, looking at videotaped past
panel predictions and how they turned out. One of the more interesting
predictions that didn't turn out was one (from 1993) predicting the
widespread use of digital electronic signatures. Several panelists
qualified this prediction, saying personal digital signatures aren't
widespread but that the digital signature technology is included in SSL and
other security approaches.
Several predictions about identity theft and the movement away from
passwords were seen as prescient by several of the panelists, although
Rivest said that he, for one, thought passwords would