Imagine you're a king in a thick-walled medieval castle protected by a wide moat, but when you leave the castle the drawbridge is left down and the crown jewels are no longer safe from thieves.
That's the metaphor Microsoft Corp. Chairman Bill Gates evoked Tuesday while speaking to an annual get-together of 15,000 computer security experts in San Francisco.
"We used to think of the data center as a glass house that was very isolated," Gates said. "But if we look (at) what actually goes on -- consultants come into your company, employees who are not onsite need full access -- we cannot think of that glass house as the way to define what can connect to what. We need a far more powerful paradigm."
Then Gates repeated Microsoft's claim that Windows Vista was the most secure operating system in the company's history. But he acknowledged that all software has "weak links" -- particularly when thieves steal servers with confidential information, or when employees use simple, obvious passwords on multiple accounts.
Instead of passwords, Gates suggests "public key certificates" -- combinations of digital signatures and other identifying information such as a person's name, address, Social Security number and other data. He calls it the "identity metasystem."
"We all struggle to remember an ever-growing number of user names and passwords as we move between systems at work and home," Gates wrote Tuesday in a message posted on the company's Web site. "Because it is unlikely that a single digital identity system or technology will be universally adopted, a different approach is required."
Craig Mundie, Microsoft's chief research and strategy officer, said the software industry still views computer security with an old-fashioned mindset.
"It's like we've been in the medieval age of network protection. We build thicker walls, higher turrets, put drawbridges in front of the fortress," Mundie said at the security conference. "What we didn't see coming was the airplane and the long-range missile."
Evidence that no software is immune to attack came during Gates' and Mundie's keynote, when researchers at Core Security Technologies Inc. announced a vulnerability that could affect companies running Vista in conjunction with other programs from third-party software vendors.
Engineers at the Boston-based consulting and software company exploited a hole in a popular piece of backup software from Computer Associates Inc. to remotely compromise and take over a Vista machine. Researchers said they could repeat the hack using other third-party programs.
"We just want Vista users not to get lulled into a false sense of security. Vista can't solve all their problems," said Max Caceres, Core's director of product management.
The executives spoke at an annual conference sponsored by EMC Corp.'s RSA Security division.
Source: Xinhua/Agencies
Friday, February 09, 2007
Vista most secure Microsoft software, not perfect