Bill Gates’ announcement of a new version of Internet Explorer with enhanced security and a greater focus by Microsoft Corp. on tackling spyware and phishing fell flat with some RSA 2005 attendees.
In announcing the beta of Internet Explorer 7.0 will be released in early summer, Gates acknowledged the browser update is meant to tackle security vulnerabilities in Microsoft’s current browser. The browser will be available to users running Microsoft Windows XP Service Pack 2 and includes enhancements to better respond to phishing attacks and other security vulnerabilities critics of the current Internet Explorer have complained about.
“Browsing definitely is a point of vulnerability,” Gates said. “Allowing people to have the richness and the extensibility, and yet be protected, that’s a challenge. You don’t want to lock things down so you can’t ever get to rich Web sites, and yet you still want to make sure this is not the path that security threats are coming in through.”
At the same time, Gates said the upcoming full-version of AntiSpyware will be available for free to Microsoft customers. A beta version was released in January as a free download.
Not everyone who attended the keynote found Gates’ announcements particularly compelling.
“My head started to nod a bit,” admitted Greg Mooney, technical team leader with the Ontario Teachers’ Pension Plan Board in Toronto. “Yes, they are using all the buzzwords and people are thinking Microsoft is finally doing things in those areas, but really all they are doing is buying other companies to help them do those things.”
Microsoft’s AntiSpyware was developed from its acquisition of Giant Software, and recently Microsoft announced plans to buy Sybari Software in a move to add anti-virus to its security solutions mix.
Robert Breza, director of security and infrastructure software, with RBC Capital Markets Corp. in Minneapolis said Gates did nothing more than add a bit more detail to plans already well known in the industry.
For example, Gates said the beta of Internet Explorer 7.0 will feature security enhancements available in Windows XP Service Pack 2 and Microsoft will work to unite disparate security and software updating services into single sites for specific customer segments. Consumers, are expected to Microsoft Update to get updates for Office and other Windows applications, while mid-sized businesses will use the feature for greater control over downloads and updates. Systems Management Server will give finer control over updates for larger enterprises.
Eric Cheng, a senior associate with risk advisory services for KPMG LLP in Los Angeles, Calif. was somewhat more enthusiastic about Gates’ keynote. He believes Gates’ comments touched on many hot button issues important to KPMG’s clients. These clients worry about security issues around the perimeter and on making sure information is accessible only to those with the proper authorization and with confirmed identities. “As we strengthen other elements of the system, the weak link often becomes the ability to guess at people’s passwords because they use the same password in many places,” Gates said. “So we have to strengthen this and strengthen the administrative tools around it so you know all your resources have the appropriate access controls applied to them.”
Avivah Litan, vice-president and research director with Gartner Inc. in Stamford Conn. said companies are moving away from using static password-based security solutions to authenticate someone’s identity.
“For the first time I am getting calls from banks and brokers telling me that there has to be a change from the password method,” Litan said “Passwords really don’t cut it anymore. For the first time companies are taking (two-factor) authentication seriously.” Litan predicts by 2007 75 per cent of banks and financial institutions worldwide will be using two-factor authentication methods such as token-based password and ID generators.
