Feeds

Microsoft preaches togetherness for online security

Let's touch people together

Beginner's guide to SSL certificates

RSA Six years after scrambling to lock down Windows and having challenged security vendors on home turf with Windows Vista, Microsoft is calling for a "dialogue" over online security and privacy.

Chief research and strategy officer Craig Mundie told RSA Microsoft's Trustworthy Computing Initiative has, since 2002, laid the foundation for "good design" in Windows but that the challenge is now to secure the entire stack - including applications like Office.

According to Mundie, weaknesses remain in management of software and hardware, while there's a need to weigh privacy of end users with the need for end-to-end security. Today's management systems are not sufficiently integrated and remain too complicated to tackle these challenges, Mundie said.

And, apparently, the job of managing and securing everything is too big for Microsoft to do on its own. In the recent past, though, Microsoft managed to alienate partners by thinking it could do a better job of securing Windows than others. The company has delivered antivirus, anitspyware and firewall software with Windows Live OneCare and also restricted access to the Windows Vista kernel. The first Windows Vista's service pack, meanwhile has disabled or encumbered third-party security products for the operating system.

Looking past Microsoft's solo act, Mundie told RSA the challenges are in interoperability of different security, privacy and identity systems, and of managing these across multiple devices, domains, geographies and regulatory systems.

"As we sit in here in 2008, it's really clear to me that despite huge progress on the security side - more remedial than pro-active - we do find ourselves [in a situation] where the intimacy with which computing devices touch peoples lives is escalating the challenges we have in privacy," Mundie said during a scripted fire-side chat with Affiliated Computer Services chief information security officer Chris Leach at San Francisco's Moscone Center.

"Ultimately we need collaboration with other people who are building some part of the process in the system," Mundie said. "We recognize the practical reality is people are going to have a lot of heterogeneous systems... there's no way we could postulate a solution to this."

Mundie called for a "formalized dialogue" with users, technicians and governments about how to specify the different elements that "make interoperability mandatory."®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.