Gates steps down and Symantec attacks Microsoft at RSA Conference
It was the first of many goodbyes. Yesterday, Bill Gates took the stage with his designated successor Craig Mundie at the renowned RSA Conference 2007. Starting in 2008, the founder of Microsoft will be devoting all of his time to his foundation.
Gates and Mundie emphasized the new challenges that IT security experts face. Up to now, they explained, protection from dangers was the focal point, but more attention is being paid to trust. Boundaries are being blurred as a growing number of devices support online connections. The two Microsoft representatives said that flexible, secure access to information was the main challenge that security firms face. Instead of blocking people out of networks, they said we need to look for secure ways to invite them in. Gates and Mundie stated that IPv6 and certificates will play a great role in that process.
Bill Gates reiterated his opinion that passwords are not a good solution for the long term; the more passwords a person has, the harder it is to store them securely. Gates believes that the future is in solutions that allow users to prove their identity by means of smartcards and certificates. But first, an infrastructure for identity management will have to be set up.
One of the main points in the keynote address that Gates and Mundie held, was the announcement that the CardSpace solution for identity management included in Vista will be supporting the independent OpenID 2.0 standard. Two years ago, CardSpace was presented as InfoCard. On Vista, CardSpace manages identities as digital business cards.
After Bill Gates came RSA head Art Coviello, who harped on the same theme, saying that the days are long gone when security functions could be added to applications after the fact. Now, security has to be an integral part of an application's functional scope. Coviello cited a forecast in which 200,000 new malware variants would be created in 2007 alone. Coviello saw this avalanche as a clear indication that previous approaches to virus protection are outdated.
John W. Thompson, head of security firm Symantec, stated in his speech that he agreed with the position of previous speakers: the main challenge is in creating trust for online transactions. But Thompson did not refrain from taking a sideswipe at Microsoft by saying that accountants should not audit their own bookkeeping. When they do so, the conflict of interest is as obvious, he explained, as when a vendor of an operating system offers its own antivirus product for that system. The audience broke into spontaneous applause at this comment.
The keynote ended with a "Cryptographers Panel", on which cryptography legends Whitfield Diffie, Martin Hellman, Ronald Rivest and Adi Shamir discussed the current state of information security. The guests on the panel took a critical look back on their last 30 years and a look forward into the future. Hellmann sarcastically stated that there would probably be fewer cryptography experts now if, 30 years ago, the algorithms had not been so simple. Diffie agreed that it was harder for beginners to get into the field in light of the greater complexity today. Adi Shamir was unexpectedly pessimistic about the future, saying that the security of the systems we use worsens as the systems become more complex. He even went so far as to say that we would conclude 30 years down the road, that cryptography had won many battles, but lost the war for greater security.
The annual RSA Conference is one of the most renowned international security events. All of the keynote addresses are webcast and can be viewed any time on the RSA website.