7 February 2007

Computer security: ‘Threat landscape has evolved’

Microsoft co-founder Bill Gates addressed thousands of computer-security specialists gathered at a San Francisco conference on Tuesday, calling for a “powerful paradigm” to thwart online crime.

“People want more flexibility and anywhere access with multiple devices,” Gates told a standing-room-only crowd of RSA Conference 2007 attendees. “We need a far more powerful paradigm to handle this.”

Gates and Microsoft “security guru” Craig Mundie backed a common standard for computer-security technology and agreed that the traditional practice of “building walls and moats” to fortify networks needs to evolve.

Mundie and Gates vowed that the world’s largest software company would work with others in the industry to advance “trustworthy computing” that enables people to use devices without fear of data being compromised.

“Everywhere you go on the web, there are issues about trust,” Gates said. “Security is the fundamental challenge that will determine whether we can successfully create a new generation of connected experiences that enable people to have anywhere access to communications, content and information.”

The Microsoft executives announced the upcoming availability of Identity Lifecycle Manager (ILM) 2007 and a test version of a security console for business computers.

They endorsed using computer-code “certificates” instead of user-remembered passwords as identification online.

“Passwords are not only weak, they [also] have a huge problem,” Gates said, lamenting that people often pick easy-to-deduce passwords and resort to using one password for multiple purposes. “You should present certificates instead of weak passwords.”

Connectivity

While people increasingly use laptop or handheld computers to access personal information such as financial and health records, most of those links are not on networks guarded by trained administrators, Mundie said.

“People want to connect every manner of smart widget from wherever they want,” Mundie said. “The threat landscape has evolved in fairly dramatic ways.” Microsoft said its ILM software supports using certificates or smart cards for verifying identities online and will be available in May.

Microsoft also said it is in a new collaboration to fight “phishing”, the use of phony websites to trick people into revealing sensitive information.

“It is very clear to us that this connected world creates a requirement that we all work together to make secure, anywhere access a reality,” Mundie said.

The challenge of computer security has transformed from building walls around systems to keep intruders out to protecting information in systems that need to be accessed by off-site employees or contracted vendors.

“It is like we’ve been in the medieval age of computer protection,” Mundie said. “We put bigger walls, wider moats and drawbridges. What we didn’t see was the airplane and the missile coming at us.

“We could continue to invest in the fortress mentality, but most would agree that the castle is pretty porous — people are leaving and others need to get in.”

Flexibility

Governments around the world are well along the path to more flexible computer networks that better identify online users and restrict access accordingly, Mundie said.

Microsoft will “be there by the end of the year” with its partners, he added.

Among the security measures being devised are features enabling the senders of messages to dictate whether they can be forwarded or printed out, Gates said.

“With email, one person forwards it to just one person who forwards it to just one person and so on until it is on the front page,” Gates said. “Security things are always about the weak link.”

The Yankee Group predicts that about 2 000 variants of malicious software, or “malware”, will be unleashed on the internet this year, according to the RSA.

While hackers of earlier decades tended to be young computer wizards seeking glory, current attacks are often the work of criminals bent on profit.

The black market for procuring “identities” is expected to near $1-billion this year, according to RSA president Art Coviello.

“The reality is we haven’t implemented information security at all; it’s a complete misnomer,” Coviello told the gathering after Gates and Mundie spoke. “We’ve secured the perimeter, to use the castle metaphor, when what we should be doing is securing the king. Information is the king.”

This was the 16th annual conference and it boasted an attendance of more than 15 000 people, the largest turnout in its history. — AFP