Feeds

Gates parades Windows security advances

Too much complexity?

  • alert
  • submit to reddit

Top three mobile application threats

RSA Bill Gates today announced Microsoft's latest plans to make Windows systems more resilient against worms and other security threats.

In a keynote address at the RSA Conference in San Francisco, the Microsoft chairman showed security improvements that will come with Windows XP SP2.

These include: Windows Security Centre; automatically turning on Windows Firewall; and browsing enhancements to Internet Explorer (providing far more control of ActiveX, for example). Security Centre will let users check the status of their firewall, anti-virus protection and automatic software updates from a single point.

Microsoft also showcased alpha code for Active Protection Technology, a behaviour blocker. The idea is to limit the ability of worms to cause damage to a computer or spread through a network. Such technology is already available from Cisco and a clutch of intrusion prevention vendors.

In his keynote Gates discussed building firewall and behaviour blocking technologies deeper into Windows, but disclosed nothing of Microsoft's plans for GeCAD Software, the anti-virus software vendor it bought last June.

According to Gates, no single technology can protect against the many types of attacks that companies face. Active protection technologies, such as those in development at Microsoft, are some of the defences that companies can use to bolster security.

If less is more, think how much more more would be

This is the first time Gates has appeared at the RSA Conference, now entering its thirteenth year. His well-received speech also discussed Microsoft's research in developing tamper-resistant biometric IDs, and outlined the company's plans to reduce the spam tsunami.

But security experts attending the conference raised concerns about Microsoft's entire design philosophy.

Microsoft will increase the complexity of Windows with any extra security feature it incorporates into the operating system, Paul Kocher, chief scientist at Cryptographic Research, argues.

Complexity is the enemy of security (the more there is the more there is to go wrong) so Microsoft is going the wrong way, he said: "Ultimately we should be trying to simplify things." ®

The Register RSA coverage in full

Combat fraud and increase customer satisfaction

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
Burnt out on patches this month? Oracle's got 104 MORE fixes for you
Mass patch for issues across its software catalog
Reddit users discover iOS malware threat
'Unflod Baby Panda' looks to snatch Apple IDs
Oracle working on at least 13 Heartbleed fixes
Big Red's cloud is safe and Oracle Linux 6 has been patched, but Java has some issues
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.