Microsoft Chairman, Bill Gates, at the RSA 2007 Conference, said that new methods of computer security are needed. While not pointing at Vista exclusively, Gates mentions of ‘PatchGuard’ and ‘OneCare Live,’ and later gave an example of Microsoft’s continued effort to improve security on its products. With that said, later the same day at RSA, two other companies proved successful attacks on Vista and its security. Those attacks avoided ‘PatchGuard,’ being able to work on third party products. The software ‘OneCare Live’ recently failed the VB100 test and, like Windows Defender, the failure was due to slow updates.
Gates and his successor, Craig Mundie, talked about security on the computer and the need for better security on a personal level. That is the reason they are supporting efforts by OpenID and other initiatives like it.
John Thompson, CEO of Symantec, came close to mirroring Gates and Mundie. "Today the network perimeter can't be locked down," Thompson said. "It's no longer defined by the physical assets in the data center or the desktops in the office. The reality is -- people are today's new perimeter.” In talking about Vista, its ability to use Smart Card technology, and OneCare the Microsoft developed Virus and Malware application, Thompson implied that Symantec is able and willing to compete with Microsoft in the security appliance market.
"You wouldn't want the company that is keeping your books to audit your books. That same logic should apply. You wouldn't want the company that created your company's operating platform to be the one that is securing it from a broad range of threats. It's a huge conflict of interest. By working together, we can untangle this conflict of interest. Through cooperation and collaboration and healthy competition I have no doubt that we can create the confidence our connected world needs."
During his keynote address, Thompson talked about Norton Identity Client. Norton Identity Client is software that offers customers online credentials to protect them during online transactions. This is close to what OpenID will offer. While calling out Microsoft and claiming “conflict of interest,” Thompson may have been unfair in the assessment.
His opinion is not mirrored by many of the same professionals at RSA this week. Most IT professionals will tell you risking data, or network to one security tool, is a fatal flaw. Thompson sums up this point nicely with, “No one company is going to secure everybody and certainly no one can do it alone," he said. "No company is so dominant or so all knowing that it can provide the level of confidence needed throughout the entire online world.”
The conflict, if there is indeed one, is to the consumer. Many will follow the hype and trust Vista with ‘OneCare Live’ to protect them. Symantec has seen a sharp decline in sales, in regards to users switching to single modes of protection; and Vista now offers yet another single source. Using the mantra, ‘we are all in this together,’ Microsoft would better serve its customers, by developing the security on future patches and releases of Vista to better work with other security tools.
As it stands the UAC (User Account Control) offered by Vista is more often than not disabled because it annoys the end user. ‘PatchGuard,’ because of its restrictions and limitations, is debatable. While ‘PatchGuard’ and its restrictions could help a novice user, it will prevent many programs from altering the system, something many advanced Windows users readily do. ‘OneCare Live’ is a new product and still untested against the other security products on the market. Alternative products such as AGV or Norton should enable those who are serious about computer or network security to combine several methods.
Ultimately, Thompson’s comments during his keynote are subject to debate. They mostly rely on opinion; no matter what side a person takes. If Microsoft is jumping into the personal security market, they will have to make serious and rather impressive movements forward from where they stand on security now.
what?Feb 8th, 2007 - 18:53:12
'That is, better protection both for and from the person, who uses the computer or accesses the network for a start.'
Huh?
Report this comment